Security News

A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack's spread. "As of approximately 11:30 AM CDT July 26, NetStandard identified signs of a cybersecurity attack within the MyAppsAnywhere environment. Our team of engineers has been engaged on an active incident bridge ever since working to isolate the threat and minimize impact."

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report.

60% of IT and security leaders are not confident in their organization's ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute. The Global Study on Zero Trust Security for the Cloud surveyed nearly 1,500 IT decision makers and security professionals worldwide to examine the pain points they experience in securing cloud environments and how zero trust security methods can enable digital transformation.

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

An ongoing heatwave in the United Kingdom has led to Google Cloud and Oracle Cloud outages after cooling systems failed at the companies' data centers. Today, with temperatures reaching a record-breaking 40.2 degrees Celsius, cooling systems at data centers used by Google and Oracle to host their cloud infrastructure have begun to fail.

Cloud security is a challenge likely to keep a lot of IT professionals awake at night. Agents will cover security scanning, software patching, configuration, general system monitoring and system restarts/reboots.

GitHub Actions and Azure virtual machines are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.

Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. A bare-install verson in the form of an official Kali distribution that can be deployed on any Linode compute instance and used via a command line interface.

The global cloud migration continues to fuel a market expected to hit the $1 trillion milestone in 2028. A recent report of Forrester Consulting, commissioned by Quali, found that 63% of surveyed IT and decision-makers say their organizations lack the support for a variety of cloud resources.

Microsoft has fixed a known issue causing Office applications like Word and Excel to crash when working with cloud documents. The complete list of affected Office apps includes Excel for Microsoft 365, Word for Microsoft 365, and PowerPoint for Microsoft 365.