An Instance refers to a server that is running our applications. Assume a single server is a single instance. Our cloud workloads are run on virtual machines called Instances. VM Virtual Machine and Instance are frequently used to mean the same. However, the term Instance is favored in cloud computing, although many people still use […]
This week, a young cybersecurity researcher demonstrated how to hack the webcams of Mac devices to leave the devices completely open to other attack variants. Ryan Pickren submitted his report to Apple through its rewards program, earning $100,500 USD for his report, the largest reward the company has ever delivered. The young researcher mentions that […]
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July […]
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and […]
Cybersecurity specialists report the detection of a critical vulnerability in some VMware products, including Cloud Foundation, Fusion and Workstation. According to the report, the successful exploitation of these flaws would allow threat actors to take control of hypervisors in virtual environments, putting millions of Windows, Mac and Linux users at risk. Cloud Foundation is VMware’s […]
A few weeks ago Microsoft contacted a small group of Azure customers to inform them that they could be affected by a vulnerability recently discovered and identified as NotLegit, which exposed the source code of Azure web applications at least since September 2017. The flaw, identified by Wiz researchers, was described as insecure default behavior […]
According to Gartner’s 2021 Magic Quadrant for Application Security Testing, “Modern application design and the continued adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders can meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST in the software delivery life cycle.” Unlike traditional […]
Threat actors are exploiting improperly-secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. “While cloud customers continue to face a variety of threats across applications and […]
The latest cloud security breaches show that we have miles to go as we keep fighting to keep our sensitive data safe. 2020 marked a record number of cyberattacks. Cloud-based services have been the most common target of such attacks. According to the State of Cloud Security 2021 report [PDF], 36% of the companies surveyed […]
So far, Microsoft has informed 140 companies about the new attack campaign being carried out by Nobelium 14 of which were compromised by the group. The IT security researchers at Microsoft have revealed that the threat actors from the Nobelium group are back in action and currently targeting resellers and Cloud service providers. Nobelium is […]
Cybersecurity specialists report the detection of an unpatched vulnerability in iCloud Private Relay, a service implemented by Apple in its latest update and whose successful exploitation would allow threat actors to obtain the true IP address of a user online. As some users may remember, iCloud Private Relay is a new feature for iPhone users […]
LA County resident booked in iCloud phishing scam pretended to be an Apple representative. A Los Angeles County man identified as Hao Kuo Chi was arrested for breaching thousands of Apple iCloud accounts and obtaining over 620,000 private photos and 9,000 videos of nearly 306 young women. According to the feds, the 40-year-old La Puente, […]
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
Being a USA-based web infrastructure and website security company, Cloudflare works for other companies managing connections to servers and web pages. Recently, Cloudflare has claimed that it has mitigated one of the largest DDoS attacks in history that involve more than 17.2 million Request-Per-Second (rps). Cloudflare works very efficiently, soon after detecting this large HTTP […]
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. “Within seconds, the botnet bombarded the Cloudflare edge […]
The security teams of the technology firm Palo Alto Networks announced the correction of a set of vulnerabilities in Prisma Cloud Compute, a solution for the protection of workloads in the cloud. The patches also address a flaw in the Windows agent for the Cortex XDR detection and response platform. According to the report, the […]
Recently, in a joint warning, the cybersecurity agencies of the US and UK have released a set of large-scale brute-force attacks escorted by the Russia-linked APT28 hacking group. There were many other groups that have been tracked in this attack like, Fancy Bear, Pawn Storm, Sednit, Strontium, and Tsar Team. Not only this, even all […]
A recent security report states that it is possible to hijack sessions on Google Compute Engine virtual machines to gain root access through a DHCP attack. While deploying this attack is impractical, an exploit attempt can be highly functional. The report, published on GitHub, mentions that a threat actor could allow threat actors to take […]
Using Windows Server in a “Windows container”? Then beware of it, as recently, it has been confirmed that highly sophisticated malware has been active for over a year. The cybersecurity researchers at Palo Alto Networks Unit 42 have recently discovered a new malware, known as, “Siloscape,” and it uses Windows containers to access Kubernetes clusters. […]
In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple’s China-based users to the latter’s servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, […]
According to CISA, it has verified one of the users had their account breached even though they were using “proper multi-factor authentication (MFA).” Last year, it was reported that threat actors have been using legitimate tools to compromise Cloud-based assets. Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to alert […]