Security News

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.

What role do AI and automation play in cloud communications cybersecurity, and how can these technologies be leveraged to improve security posture? AI and automation are transforming cloud communications cybersecurity by enhancing threat detection, response times and the overall efficacy and efficiency of security operations.

The NSA and the Cybersecurity and Infrastructure Security Agency have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. Today, the NSA and CISA have issued five join documents on how to secure your cloud services using best practices.

VMware has fixed four vulnerabilities in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. VMware ESXi is a bare-metal hypervisor, VMware Workstation and Fusion are desktop hypervisors, and VMware Cloud Foundation is a hybrid cloud platform.

Russian state hackers are adapting their techniques to target organizations moving to the cloud, an advisory from the UK National Cyber Security Centre and international security agencies has warned. The advisory details how cyber espionage group APT29 is directly targeting weaknesses in cloud services used by victim organizations to gain initial access to their systems.

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number - a collective effort to safeguard both large and small enterprises is critical, according to Cado Security. Although cloud-focused attackers aim to exploit various services typically deployed in cloud environments, Docker remains the most frequently targeted for initial access, with 90.65% of honeypot traffic when discounting SSH. Identified malware campaigns, such as P2Pinfect, had a wide geographical distribution with nodes belonging to providers in China, the US, and Germany, which shows that regardless of where your infrastructure is located, it is still susceptible to Linux and cloud-focused attacks.

Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. Microsoft was victim of the same breach and, more recently, the same threat actors hacked into its corporate mailboxes, stealing emails and attached documents.

Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The...

Members of the Five Eyes intelligence alliance warned today that APT29 Russian Foreign Intelligence Service hackers are now switching to attacks targeting their victims' cloud services. The Russian cyberspies also compromised Microsoft 365 accounts belonging to various entities within NATO nations to obtain foreign policy-related data and targeted governments, embassies, and senior officials throughout Europe associated in a string of phishing attacks.

Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka...