Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

August 28, 2024 at 05:13AM The threat group Bling Libra, known for the Ticketmaster breach, has evolved its tactics from data theft to extortion-based attacks targeting cloud environments. Using stolen credentials, they infiltrate AWS, exfiltrate data, and demand ransom. Weak authentication practices leave organizations vulnerable, emphasizing the need for multifactor authentication and secure IAM solutions … Read more

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

August 16, 2024 at 12:39PM A recent extortion campaign targeted organizations by exploiting publicly accessible .env files with cloud and social media credentials. The attackers used AWS environments to scan over 230 million targets, compromised over 90,000 unique variables, and conducted phishing and ransom activities. The campaign demonstrated advanced cloud knowledge, evasion techniques, and financial … Read more

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

August 16, 2024 at 10:33AM Palo Alto Networks discovered threat actors extorting organizations by exploiting inadvertently exposed environment variables in cloud environments, compromising sensitive information. Over 110,000 domains were targeted, exposing access keys and login credentials for various services. The attackers used various methods to exploit the compromised data and urged organizations to enhance their … Read more

Getting off the Attack Surface Hamster Wheel: Identity Can Help

January 10, 2024 at 07:22AM IT professionals have developed a deep understanding of the enterprise attack surface and the challenges it poses for cybersecurity. The expansion of the attack surface due to cloud services, remote working, IoT, supply chains, AI, and social networking requires a shift in security strategy. Prioritizing digital identities and investing in … Read more