The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments. “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP),” […]
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered […]
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, […]
Objective In the last chapter we saw on how to add resource to a VNet now in this chapter we will see how we will enable connectivity between two virtual networks. As we know that each virtual network is an isolated environment and for 2 resources in different two virtual network to talk to each […]
Overview In the last chapter (Azure cloud security tutorial series – Chapter 2 [Virtual Network]) we saw on how to create VNet in Azure. Once you have VNet created its time to add resources to it. It like once you have your virtual network created you will add computers, servers and other types of devices […]
Basic Overview Network is combination of many different systems connected together. In the Azure cloud security tutorial series – Chapter 1 [Azure Account] we talked about virtual network is a private space in a network where you can play around within systems in that virtual network. It’s a more secure way of putting your own […]
Basic Overview Azure is the mostly used cloud in IT organizations. Before cloud came into existence many companies or organizations were using Microsoft products in their organization like Windows OS, MS Office and even Microsoft server OS on their servers for running internal authentication server called AD and others. So it is easy for all […]
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. “Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the […]
North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already […]
The Cybersecurity and Infrastructure Security Agency (CISA) has come up with a list of free tools that businesses may use to protect themselves in cloud-based settings. According to the article published by CISA, these tools will assist incident response analysts and network defenders in mitigating, identifying, and detecting threats, known vulnerabilities, and abnormalities that occur […]
A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary “gained unauthorized access to our systems to target a small and specific set of our customers,” Bob Phan, chief information security officer (CISO) […]
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. “The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique,” security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad […]
Sysdig, a company that specializes in cybersecurity intelligence, uncovered a sophisticated hacking operation known as Scarleteel in February. Since then, Scarleteel has refined both its infection and exfiltration techniques and moved into phase two. Recent operations by Scarleteel have targeted settings such as AWS Fargate and Kubernetes, which indicates a clear shift from just crypto […]
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company […]
Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source,” blockchain […]
As more organizations come out to declare data breaches that were caused by the program’s flaws, the developer of the popular MOVEit file transfer tool has revealed that its software has a second flaw that makes it susceptible to vulnerabilities. The software business Progress said on Friday that after the discovery of the initial vulnerability, […]
A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. “The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers’ PostgreSQL databases and the ability to perform a […]
A new information-stealing malware has set its sights on Apple’s macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it’s the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 […]
The U.S. Securities and Exchange Commission (SEC) made the announcement today that Blackbaud Inc., a public company located in South Carolina that offers donor data management software to non-profit organizations, has agreed to pay $3 million to resolve charges for providing deceptive statements about a ransomware attack in 2020 that affected more than 13,000 clients. […]
CloudTrail is the tool that AWS administrators rely on to keep track of all API activity inside their accounts. CloudTrail helps teams to identify unusual behavior in AWS environments, spot attacks quicker, and get a better understanding of what occurred after security events. This is accomplished by monitoring the use of APIs. CloudTrail is an […]
Web application firewalls, also known as WAFs, are intended to protect web-based applications and application programming interfaces (APIs) from malicious HTTPS traffic coming from the outside, particularly cross-site scripting and SQL injection attacks, which never seem to fall off the security radar. SQL injection in particular is a constant among the output of automated code […]