Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

August 16, 2024 at 10:33AM Palo Alto Networks discovered threat actors extorting organizations by exploiting inadvertently exposed environment variables in cloud environments, compromising sensitive information. Over 110,000 domains were targeted, exposing access keys and login credentials for various services. The attackers used various methods to exploit the compromised data and urged organizations to enhance their …

Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid Clouds

August 15, 2024 at 05:10PM Researchers have discovered a vulnerability in Microsoft Entra ID that can enable attackers to bypass authentication in hybrid identity infrastructures. This involves manipulating the Pass-Through Authentication (PTA) agent, allowing them to log in as any synced AD user without knowing their actual password. Microsoft plans to address the issue, which …

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

August 15, 2024 at 03:21AM A new attack vector named ArtiPACKED exploits GitHub Actions artifacts, potentially compromising repositories and cloud environments. Palo Alto Networks Unit 42 researchers revealed how misconfigurations and security flaws could lead to the leakage of tokens, opening opportunities for malicious actors to compromise services and push rogue code to production. Vulnerable …

DigiCert to Acquire Vercara

August 14, 2024 at 03:09PM DigiCert, backed by Clearlake, Crosspoint, and TA, will acquire Vercara from Golden Gate Capital and GIC. The acquisition will expand DigiCert’s capabilities to protect organizations from cyberattacks. The acquisition aims to provide customers with a unified DNS and certificate management experience, enhancing digital trust. The acquisition is expected to close this …

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data

August 14, 2024 at 11:16AM Tenable researchers identified vulnerabilities in Microsoft’s Azure Health Bot Service that could have been exploited by threat actors to access sensitive patient data. The vulnerabilities involved a data connection feature that allowed bots to interact with external sources, potentially leading to a server-side request forgery (SSRF) vulnerability. Microsoft released server-side …

Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities

August 13, 2024 at 02:40PM Multiple privilege escalation issues in Microsoft Azure’s Health Bot service allowed server-side request forgery and potential access to cross-tenant resources. Quickly patched by Microsoft, these vulnerabilities highlight concerns about chatbot risks, specifically regarding access to sensitive health information. Tenable Research found that exploitation could lead to management capabilities for other …

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

August 13, 2024 at 10:12AM Researchers discovered critical security flaws in Microsoft’s Azure Health Bot Service, allowing unauthorized access to patient data and system resources. Tenable reported finding vulnerabilities related to data connections and an endpoint supporting the Fast Healthcare Interoperability Resources data exchange format. Microsoft has since patched these issues, emphasizing the importance of …

Evolve your cloud security knowledge

August 12, 2024 at 05:01AM Cloud platforms are increasingly relied upon, prompting heightened cybersecurity threats. Addressing this, the virtual SANS Cloud Security Exchange 2024 on 27th August provides free access to expert insights, best practices, and networking opportunities. With sessions on modernizing cloud security, identity, proactive security principles, and AI, it offers valuable knowledge and …

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

August 12, 2024 at 12:27AM Russian government and IT organizations are targets of a spear-phishing campaign, codenamed EastWind. The attack deploys backdoors and trojans through booby-trapped LNK files, leveraging DLL side-loading techniques. Malware variants GrewApacha, CloudSorcerer, and PlugY are used for espionage, exfiltration, and data theft via various platforms including Dropbox and GitHub. Additionally, a …

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

August 9, 2024 at 06:39PM Cloud security researchers discovered critical flaws in Amazon Web Services (AWS) that could lead to remote code execution, user takeover, data exposure, and denial of service. The “Bucket Monopoly” issue allows attackers to create covert access to S3 buckets, potentially enabling data theft, privilege escalation, and malicious code execution. AWS …