Security News

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
2024-05-21 14:19

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell...

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)
2024-05-21 11:21

Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of...

eBook: 10 reasons why demand for cloud security is sky-high
2024-05-21 02:45

Current demand for cloud security specialists far exceeds available talent. Especially for companies seeking protection in multicloud environments, professionals with vendor-neutral knowledge and...

Critical Fluent Bit flaw impacts all major cloud providers
2024-05-20 21:12

A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.

Cloud security incidents make organizations turn to AI-powered prevention
2024-05-16 03:30

Cloud security incidents are alarmingly on the rise, with 61% of organizations reporting breaches within the last year, marking a significant increase from 24% the year before, according to Check...

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
2024-05-10 07:41

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other...

3 CIS resources to help you drive your cloud cybersecurity
2024-05-09 03:00

You might not have knowledge of cloud security best practices, in-house expertise, or the desire to spend significant resources towards cloud security management. The CIS Controls consist of prescriptive, prioritized, and simplified security best practices that you can use to strengthen your cybersecurity posture across your environments, including in the cloud.

The Fundamentals of Cloud Security Stress Testing
2024-05-08 10:58

״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to...

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
2024-05-07 13:25

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack...

New SOHO router malware aims for cloud accounts, internal company resources
2024-05-02 11:39

Cuttlefish, a new malware family that targets enterprise-grade small office/home office routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket, Alibaba Cloud and other cloud-based services. "With the stolen key material, the actor not only retrieves cloud resources associated with the targeted entity but gains a foothold into that cloud ecosystem," Black Lotus Labs researchers noted.