#CloudSecurity

Okta warns of credential stuffing attacks targeting its CORS feature

by

May 29, 2024 at 11:48AM Okta warns of ongoing credential stuffing attacks targeting Customer Identity Cloud (CIC) cross-origin authentication feature since April. The company has identified affected endpoints and advised customers to review logs for specific events, rotate compromised user credentials, and implement passwordless, phishing-resistant authentication. Okta is offering further support through its Customer Support … Read more

Pakistani ‘Transparent Tribe’ APT Aims for Cross-Platform Impact

by

May 28, 2024 at 11:33PM A cyber-espionage group, Transparent Tribe, known for targeting government and defense sectors in India, has expanded its tactics to include targeting Linux systems using legitimate software techniques, including Google Drive and Telegram. Despite a history of targeting India, the group has also attacked the US, Europe, and Australia. They utilize … Read more

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

by

May 27, 2024 at 09:06AM Microsoft has highlighted a cybercrime group, Storm-0539, responsible for sophisticated email and SMS phishing attacks, primarily aimed at stealing and selling gift cards. The group targets large retailers and utilizes tactics to evade detection, such as using cloud infrastructure and legitimate platforms. Microsoft advises companies to implement additional security measures … Read more

Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

by

May 25, 2024 at 06:18AM A critical security flaw in AI-as-a-service provider Replicate allowed unauthorized access to proprietary AI models and sensitive information due to a vulnerability in its containerization process. The flaw was responsibly disclosed and addressed, and there is no evidence of exploitation. However, it highlights the potential risks of malicious models in … Read more

Averlon Emerges From Stealth Mode With $8 Million in Funding

by

May 24, 2024 at 09:24AM Averlon, a cloud security startup, has secured $8 million in seed funding, making the total raised to $10.5 million. Led by Voyager Capital, the investment also involved Outpost Ventures, Salesforce Ventures, and angel investors. Co-founded by Salesforce and Microsoft cybersecurity experts, Averlon uses AI to identify and counter cloud security … Read more

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

by

May 24, 2024 at 07:09AM The text discusses the evolving challenges for Chief Information Security Officers (CISOs) in the age of DevOps and the critical need to bridge the gap between security and development. It emphasizes the importance of proactive collaboration between CISOs, DevOps teams, and IT management to ensure innovation thrives on a safe … Read more

Critical Flaw in Replicate AI Platform Exposes Proprietary Data

by

May 23, 2024 at 10:08AM A critical vulnerability in the Replicate AI platform allowed attackers to execute a malicious AI model for a cross-tenant attack, potentially compromising private AI models and sensitive data. Researchers at Wiz emphasize the difficulty of tenant separation in AI-as-a-service solutions and recommend new forms of mitigation to prevent future exploitation. … Read more

Snowflake’s Anvilogic Investment Signals Changes in SIEM Market

by

May 22, 2024 at 03:50PM Snowflake and Anvilogic have deepened their partnership with a joint offering targeting business customers using Snowflake’s data storage and analytics software. The companies claim their solution would reduce costs by 50-80% and replace legacy SIEM platforms. The partnership reflects the growing importance of effective data management in cybersecurity. However, challenges … Read more

Stopping ransomware in multicloud environments

by

May 22, 2024 at 11:09AM Readers of The Register were recently surveyed about the risks posed by ransomware and the security defenses in place to protect sensitive data. The results will be presented by Zerto’s Anthony Dutra at a live event in Boston on June 27. Attendees can also access related white papers on Zerto’s … Read more

Critical Fluent Bit bug affects all major cloud providers, say researchers

by

May 21, 2024 at 01:54PM Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, potentially leading to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue … Read more