Security News

AlienFox malware caught in the cloud hen house
2023-03-30 21:30

The AlienFox toolkit is being hawked on Telegram as a way to compromise misconfigured hosts on cloud services platforms and harvest sensitive information like API keys and other secrets, according to security shop SentinelOne. While the AlienFox scripts can be used against a range of web services, they primarily target cloud-based and software-as-a-service email hosting services, Delamotte wrote.

Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration
2023-03-30 11:17

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. As ransomware attacks continue to rise at a 13% growth rate year over year, surely more cloud storage simply equals more data vulnerability gaps to fill, right? New developments in data technology address these concerns.

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
2023-03-30 10:08

A new "Comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

New AlienFox toolkit steals credentials for 18 cloud services
2023-03-30 10:00

A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. Researchers at SentinelLabs who analyzed AlienFox report that the toolset targets common misconfigurations in popular services like online hosting frameworks, such as Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress.

CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud
2023-03-24 19:16

American cybersecurity officials have released an early-warning system to protect Microsoft cloud users. Dubbed the Untitled Goose Tool, CISA said it "Offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services."

CISA releases free tool for detecting malicious activity in Microsoft cloud environments
2023-03-24 12:31

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool. As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

New CISA tool detects hacking activity in Microsoft cloud services
2023-03-23 18:34

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

You just gonna take that AWS? Let Microsoft school your users on cloud security?
2023-03-21 20:43

Given how many organizations now use two or more public clouds - 87 percent of respondents in Flexera's 2023 State of the Cloud report said they have a multicloud strategy - it was important that Microsoft also look outward when talking about security baselines, according to Jim Cheng, senior software engineer at Microsoft. "Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements," Cheng wrote in October 2022, when MCSB v1 entered public preview.

Eufy security cams 'ignore cloud opt-out, store unique IDs' of anyone who walks by
2023-03-17 19:30

A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns "Unique identifiers" to the faces of any person who walks in front of its devices - and then stores that data in the cloud, "Essentially logging the locations of unsuspecting individuals" when they stroll past. All three suits allege Anker falsely represented that its security cameras stored all data locally and did not upload that data to the cloud.

How healthcare CISOs can automate cloud security controls
2023-03-17 06:00

This article will outline some of the ways CISOs in the healthcare sector can automate cloud security controls and integrate those controls into standard deployment cycles. There are many cloud security frameworks and best practices.