Security News

The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. In a report from cloud security company Aqua Nautilus, researchers describe a Kinsing malware attack where the threat actor exploited CVE-2023-4911 to elevate permissions on a compromised machine.

The risk associated with dependence on a particular cloud provider for multiple business capabilities is in the top five emerging risks for organizations for the second consecutive quarter, according to a survey by Gartner. In September 2023, Gartner surveyed 294 risk executives about their views on emerging risk or over-the-horizon risks.

In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. New research from Palo Alto Networks's Unit 42 exposes an active attack campaign in which a threat actor hunts for Amazon IAM credentials in real time in GitHub repositories and starts using them less than five minutes later.

The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign"...

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

Sponsored Post The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across the multiple different on and off premise systems that make up modern hybrid cloud environments. That's why SANS has created a training and certification curriculum devoted specifically to cloud security, designed to help those responsible for implementing effective cloud security measures within their organisation to broaden their knowledge and skills.

A new report from Netskope detailing the top techniques used by cybercriminals to attack organizations found that cloud apps are increasingly being used by threat actors, representing 19% of all clicks on spearphishing links. Netskope recently reported that Microsoft OneDrive is the most popular cloud app used in enterprises, so it is not a surprise that attackers leverage this target a lot, alongside Microsoft Teams, SharePoint and Outlook.

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible...

When it comes to the cloud, many organizations prioritize speed over spend. Spending on public cloud services is forecasted to grow 21.7% to a total of $597.3 billion in 2023, according to Gartner.

Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees. Customers can also access remote PC instances for development work and other tasks as well as cloud storage.