Heimadal Security

FEBRUARY 23, 2024

Researchers in security are issuing warnings about threat actors misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. Reports from […] The post Google Cloud Run Abused in Massive Banking Trojan Operation appeared first on Heimdal Security Blog.

Banking 100

Banking Cybersecurity 100

Krebs on Security

JULY 2, 2021

Researchers Radek Domanski and Pedro Ribeiro originally planned to present their findings at the Pwn2Own hacking competition in Tokyo last year. The researchers said Western Digital never responded to their reports. “We strongly encourage moving to the My Cloud OS5 firmware,” the statement reads.

Firmware 348

Firmware Passwords Internet Internet 348

The Hacker News

APRIL 16, 2024

The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground

Cybersecurity 88

Cybersecurity 88

Security Boulevard

APRIL 27, 2024

The widespread adoption of cloud services has introduced cybersecurity challenges and compliance complexities due to various privacy regulations in different jurisdictions. According to Pew Research Center, 79% of respondents expressed concerns about the collection and processing of their personal data by companies and government entities.

Government 69

Government Cybersecurity Risk 69

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The researchers observed similarities in code and build paths with a previously reported malware called HiatusRat , linked to China. ” reads the Lumen’s Black Lotus researchers.

Malware 104

Malware DNS Authentication Telecommunications 104

Security Boulevard

APRIL 17, 2024

Researchers from ETH Zurich have uncovered a new attack method dubbed “Ahoi Attacks” that threatens the security of confidential virtual machines (CVMs) within cloud environments. Heckler Heckler […] The post Ahoi Attacks: A New Threat to Confidential VMs in the Cloud appeared first on TuxCare.

Cybersecurity 64

Cybersecurity 64

eSecurity Planet

JULY 2, 2019

The cloud can be seen as an opportunity to improve security or as a new class of risk, according to reports released in June.

Risk 56

Risk 56

Security Boulevard

APRIL 14, 2022

An analysis of more than 680,000 identities across 18,000 cloud accounts from 200 different organizations published this week by Palo Alto Networks found nearly all (99%) cloud users, roles, services and resources were granted excessive permissions that were unused for 60 days or more.

Accountability 143

Accountability Cybersecurity 143

Penetration Testing

MARCH 11, 2024

Security researchers have exposed a crafty attack campaign manipulating a decentralized content delivery network (CDN) to reap quick profits ahead of an upcoming cryptocurrency release.

Penetration Testing 100

Penetration Testing Cryptocurrency Accountability Malware 100

eSecurity Planet

DECEMBER 1, 2022

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. The security issues were reported to IBM Cloud in late August, and were patched in early September. Network Access to IBM Cloud Build Servers.

Software 135

Software Authentication Passwords Accountability 135

SecureWorld News

AUGUST 1, 2023

The accelerated adoption of cloud computing over the past decade has unlocked new levels of business agility, scalability, and cost efficiency. However, security has struggled to keep up with the rapid pace of cloud innovation. However, these components are not always implemented properly or monitored.

Risk 88

Risk Malware Internet Internet 88

Penetration Testing

FEBRUARY 20, 2024

Since September 2023, security researchers from Cisco Talos have observed a sharp increase in malicious emails designed to infect victims with banking trojans.

Penetration Testing 80

Penetration Testing Banking Malware 80

Security Boulevard

NOVEMBER 22, 2023

Microsoft over the past decade has doled out more than $60 million rewards to researchers who have found various security flaws in its software and is now ready to pay out some more. The IT and cloud services giant this week noted the 10-year anniversary of a bug program that initially focused on vulnerabilities in.

Software 116

Software Ransomware Malware Cybersecurity 116

Security Affairs

NOVEMBER 4, 2023

Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are cloud security firm Aqua have observed threat actors exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables in attacks against cloud environments.

Architecture 101

Architecture Cryptocurrency Hacking Cybercrime 101

The Hacker News

OCTOBER 17, 2023

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. Sonar security researcher Thomas Chauchefoin, who discovered the bugs, out of a maximum of 10.

Software 113

Software 113

CSO Magazine

OCTOBER 6, 2022

Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. The volume and complexity of security alerts: We’ve all heard about “alert storms” and “alert fatigue.” This is not just a numbers game.

Technology 130

Technology Marketing Internet Internet 130

The Hacker News

DECEMBER 6, 2023

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. AWS STS is a web service that enables

Accountability 87

Accountability 87

The Hacker News

JULY 27, 2023

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

Cybersecurity 98

Cybersecurity 98

Security Affairs

MARCH 6, 2024

Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Cado Security Labs researchers discovered this campaign after detecting initial access activity on a Docker Engine API honeypot. ” reads the report from Cado Security.

Malware 140

Malware Cryptocurrency Engineering Internet 140

Bleeping Computer

SEPTEMBER 29, 2022

Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices. [.].

Cryptocurrency 140

Cryptocurrency 140

Security Boulevard

JANUARY 23, 2024

What does a suburban roofing company have in common with a cloud supplier? This conversation occurred with Sean Heide, research technical director at the Cloud Security Alliance, Chris Holland, VP […] The post The Vendor of My Cloud-Vendor is My Friend appeared first on TechSpective.

59

59

Security Affairs

FEBRUARY 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 107

Authentication Cybersecurity Hacking Accountability 107

Security Affairs

MARCH 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 122

Hacking Cybersecurity Software Risk 122

Security Affairs

FEBRUARY 4, 2024

What is Data Security Posture Management ( DSPM ) and how can mitigate the risks of data leaks such as the ‘Mother of all Breaches.’ ’ Cybersecurity researchers recently uncovered what is now being dubbed the ‘ Mother of all Breaches.’

Data breaches 102

Data breaches Identity Theft Risk Cybersecurity 102

Malwarebytes

MARCH 21, 2024

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII). Firebase is a platform for hosting databases, cloud computing, and app development. What the researchers discovered was scary.

Passwords 115

Passwords Banking Internet Internet 115

Google Security

JUNE 22, 2023

Anthony Weems, Information Security Engineer 2022 was a successful year for Google's Vulnerability Reward Programs (VRPs), with over 2,900 security issues identified and fixed, and over $12 million in bounty rewards awarded to researchers.

Engineering 77

Engineering Internet Internet Information Security 77

eSecurity Planet

NOVEMBER 17, 2022

Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. The information uncovered by the researchers includes physical addresses, email addresses, phone numbers, driver’s license numbers, names, loan details, and credit scores. A Data-Centric View. A Pervasive Privacy Problem.

Data privacy 143

Data privacy Risk Marketing Passwords 143

Security Boulevard

JANUARY 10, 2023

A report published today by secure access service edge (SASE) platform provider Netskope identified more than 400 distinct cloud applications that delivered malware in 2022. The report found that 30% of all cloud malware downloads in 2022 originated from the Microsoft OneDrive service.

Malware 105

Malware Cybersecurity 105

CSO Magazine

APRIL 12, 2022

Almost all cloud users, roles, services, and resources grant excessive permissions leaving organizations vulnerable to attack expansion in the event of compromise, a new report from Palo Alto’s Unit 42 has revealed. The findings indicate that when it comes to IAM in the cloud, organizations are struggling to put good governance in place.

Government 143

Government 143

Security Affairs

FEBRUARY 21, 2024

Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The researchers also observed the malware using a new version of a popular user mode rootkit to evade detection by hiding processes and on-disk artifacts. ” reads the report published by Cado Security.

Malware 108

Malware Architecture Marketing Engineering 108

eSecurity Planet

JUNE 21, 2022

In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored on SharePoint and OneDrive. Also read: PowerShell Is Source of More Than a Third of Critical Security Threats.

Backups 114

Backups Ransomware Accountability Phishing 114

eSecurity Planet

JANUARY 18, 2024

Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It excels in remote access, scalability, and security, with distributed storage options and privacy adherence capabilities.

Risk 124

Risk Backups Encryption DDOS 124

Security Affairs

DECEMBER 21, 2021

Researchers spotted a new botnet named Abcbot hat that mainly targeted Chinese cloud hosting providers over the past months. Security researchers discovered a new botnet, named Abcbot , that focused on Chinese cloud hosting providers over the past months. Follow me on Twitter: @securityaffairs and Facebook.

DDOS 131

DDOS Malware Hacking Cybercrime 131

The Hacker News

JANUARY 24, 2024

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca.

Accountability 91

Accountability Engineering Cybersecurity 91

InfoWorld on Security

OCTOBER 11, 2022

More than 80% of organizations have experienced a security incident on a cloud platform during the past 12 months according to research from Venafi. The study also shows that organizations encountered security incidents due to unauthorized access and misconfigurations. To read this article in full, please click here

124

124

CSO Magazine

JULY 4, 2022

Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh.

Data breaches 145

Data breaches 145

Security Affairs

JANUARY 7, 2024

cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Considering the sensitive nature of these documents shared with exchanges, users rightfully expect organizations to safeguard them securely. The instance has since been secured and is no longer accessible.

Cryptocurrency 131

Cryptocurrency Marketing Hacking Data breaches 131