The people who are responsible for the management of the Cloud computing architecture in an organization are known as cloud architects. They are involved with everything related to cloud computing, from storage or delivery to servers and networks which are used to manage cloud storage. Cloud technologies are growing increasingly complex with a lot of […]
Cybersecurity specialists from Intezer report the finding of a privilege escalation vulnerability in Microsoft Azure Functions whose exploitation would allow threat actors to escape from a container. Experts mention that these containers run under the privileged Docker flag, so device files in the /dev directory can be shared between the Docker host and the container […]
A group of specialists has detailed a method for abusing a well-known “H2C smuggling” technique in order to authenticate and bypass some WAF mechanisms on multiple cloud platforms. Early stages of the attack include WAF routing and omissions in Microsoft Azure, as well as an authentication bypass in Cloudflare Access. Bishop Fox developers mention that […]
Cloudflare is a denial of service (DDoS) protection mechanism for your servers or, so to speak, it is a barrier between the user and the websites they visit. This tool functions as a proxy, providing additional services such as caching, attack protection and hiding the true IP address of the server hosting the user’s website. […]
More than 1 million e-learning users data exposed from a misconfigured and unencrypted Amazon S3 buckets and other types of servers. The exposed data can be accessed by anyone online without any form of authentication. e-learning Students Data Leak The breach was found by researchers at Wizcase, the breach affects 5 different eLearning Companies around […]
Can you guess how many users are there who access Google cloud? It’s near about 4 million! Yes, this is real, and now you can have an estimate of how many people save their confidential data on Google cloud. Further, one can also wonder about the efforts needed to keep all this data safe from […]
The Attack Range solves two main challenges in development of detections. First, it allows the user to quickly build a small lab infrastructure as close as possible to your production environment. This lab infrastructure contains a Windows Domain Controller, Windows Workstation and Linux server, which comes pre-configured with multiple security tools and logging configuration. The […]
A Dutch politician could be living his last days at large, as he is facing a sentence of up to three years in prison for a hacking scandal. According to information security specialists, the politician aspiring faces charges for having compromised hundreds of iCloud accounts. Mitchel Van der K, a marketing worker nominated for the […]
Companies worldwide are constantly victims of cyber attacks; the new member of the club is the Mixcloud music company, which due to a security breach compromised 21 million user registrations according to cyber security awareness course experts. Through a social media statement, the direct competition company of SoundCloud apologized to its users for the inconvenience, […]
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. Quick reference Where to get help: the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow Where to file issues: https://github.com/RhinoSecurityLabs/ccat/issues Maintained by: the Rhino Assessment Team Requirements Python 3.5+ is required. Docker is required. Note: CCAT is tested with Docker Engine 19.03.1 version. […]
MixCloud investigating a data breach that impacts more than 20 million registered users for the service. MixCloud is a popular music streaming service. The platform allows the listening and distribution of radio shows, DJ mixes, and podcasts which are uploaded by its users. The company said it has more than 17 million users. MixCloud was […]
Multiple reports have recently emerged about serious security flaws affecting cloud deployments. This time, digital forensics experts at security firm Palo Alto Networks reported a critical server-side vulnerability in Jira, an issue tracking product of Atlassian Corp. which, if exploited, could expose users’ stored data. To be precise, this is a server-side request forgery vulnerability […]
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan […]
Mondoo Mondoo is a natural language query system for scanning, deploying and remediating your cloud-native applications. Feature Insights into your fleet Ask questions about your deployments and get answers. Simple questions are answered using AI for recognition and a fast search. Developers use queries based on GraphQL with added JS extensions. Stop searching across multiple […]
NextCry ransomware is a new malware that has been spotted in the wild targeting files of clients who use Nextcloud file sync and share service. The ransomware gets its name from the extension it uses to append the file names of encrypted files. There is no free decryption tool available for NextCry victims at the […]
An Iranian based Cloud Infrastructure provider Arvan experienced a DDoS attack that peaks up to 5,000 Requests Per Second via Telegram MTProxy. The attack started on November 6 and lasts for 3 days. The MTProxy was used by Telegram to bypass the Iranian filtering system as the Telegram banned in Iran. Several users started using […]
The week is just beginning and new security incidents affecting major technology companies have already being reported. According to web application security specialists, SmarterASP.NET, an ASP.NET hosting service provider, was the victim of a serious ransomware attack that could affect its more than 400k customers. This is the third time this year that a major […]
The new pharmaceutical features will help companies to develop more direct relations with patients. On Tuesday, Salesforce launched new capabilities for its Health Cloud that target specific segments in the life sciences sector— the drug industry and companies in medical devices. The development of Salesforce’s Health Cloud forms part of the greater effort of the […]
Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud’s speed for your tools. Deploys in minutes. Use and manage it with its polished web interface. Ideal for your penetration tests, shooting ranges, red teaming and bug bounties! Self-host your attack infrastructure painlessly, deploy your […]
Data protection experts reported the finding of more than 7 million Adobe Creative Cloud user records exposed due to a database with configuration errors. The exposed implementation has already been secured. Although no passwords or financial details were found, the database did contain really detailed information about nearly 7.5 million customers, including the list of […]
Mozilla publishes FAQ reports that outline its implementation plans for DNS-over-HTTPS. Mozilla has today clarified that “no funds are being exchanged for DNS Cloudflare requests” as part of the DNS-over-HTTPS (DoH) function currently being slowly switched on to Firefox users in the United States. The app developer has recently been heavily criticized for its Cloudflare […]