Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024. “Victims get infected via phishing emails containing a Read more…
Ruijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as Read more…
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. “Recent cybersecurity Read more…
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with Read more…
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Styra’s Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate Read more…
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services Nov 08, 2024Ravie LakshmananIoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. “This botnet utilizes remote code Read more…
Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users Nov 06, 2024Ravie LakshmananCloud Security / Phishing Protection Google’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. “We Read more…
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services Oct 28, 2024Ravie LakshmananCloud Security / Cyber Attack A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset Read more…
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining Oct 26, 2024Ravie LakshmananCloud Security / Cryptocurrency The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. “The group is Read more…
Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security Oct 25, 2024Ravie LakshmananCloud Security / Artificial Intelligence Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of Read more…