What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-14 21:05:00 | Samsung Next Invests in Mitiga, Brings Total Funding to $45M (lien direct) | Financing will help support increasing customer demand while continuing to transform incident response for cloud and SaaS environments | Cloud | ★★ | |
 |
2023-03-14 20:36:00 | Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (lien direct) |
Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A |
Ransomware Vulnerability Cloud | ★★ | |
 |
2023-03-14 18:17:21 | Cloud Threats Memo: Cyber Espionage Campaign Using Remote Access Tools (lien direct) | >Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload. Once again, this campaign was unearthed by researchers at Sentinel One, and it is aimed to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through the DBatLoader […] | Tool Cloud | ★★★ | |
 |
2023-03-14 18:15:10 | CVE-2023-27588 (lien direct) | Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch. | Vulnerability Cloud | ||
 |
2023-03-14 00:30:00 | Grip Security & The Syndicate Group (TSG) Announce Strategic Investment (lien direct) | Grip Security & The Syndicate Group (TSG) Announce Strategic Investment to Accelerate Channel-Led Growth Grip Solutions Meet Critical Need for Channel Ecosystem to Manage SaaS Risk; TSG Expands Reach to 450+ Strategic Partners - Business News | Cloud | ★★ | |
|
2023-03-13 22:15:12 | CVE-2023-27587 (lien direct) | ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. See below for what this error message looks like, with redaction. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds. | Cloud | ||
|
2023-03-13 21:15:13 | CVE-2023-0346 (lien direct) | Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known. | Cloud | ||
 |
2023-03-13 17:53:00 | How to Apply NIST Principles to SaaS in 2023 (lien direct) | The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed | Cloud | ★★★ | |
|
2023-03-13 17:42:53 | Dans son rapport sur la sécurité des applications et des API, GigaOm place Check Point Software au rang de leader de l\'innovation (lien direct) | Dans son rapport sur la sécurité des applications et des API, GigaOm place Check Point Software au rang de leader de l'innovation Check Point CloudGuard AppSec (Application Security) se distingue car il utilise l'intelligence artificielle préemptive pour bloquer de manière proactive les attaques complexes de type " zero-day " et pour sécuriser les applications cloud des entreprises - Magic Quadrant | Guideline Cloud | ★★★ | |
 |
2023-03-13 17:12:39 | FinOps : 4 certifications qui valorisent votre expertise (lien direct) | Les certifcations de la FinOps Foundation et d'hyperscalers cloud peuvent distinguer les compétences et doper les parcours d'ingénieurs et profils IT. | Cloud | ★★ | |
 |
2023-03-13 16:10:05 | Streamlined and secure: Red Canary upgrades to SentinelOne Cloud Funnel 2.0 (lien direct) | Red Canary now supports SentinelOne's newest data export mechanism, Cloud Funnel 2.0, providing customers with more enriched XDR data. | Cloud | ★★ | |
 |
2023-03-13 15:30:00 | Unlocking the Benefits and Trade-Offs of Agentless Cloud Security (lien direct) | Agentless cloud security solutions were among the most talked-about topics during the Cloud & Cyber Security Expo, set in London on March 8-9, 2023 | Cloud | ★★★ | |
|
2023-03-13 14:14:44 | GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report (lien direct) | GigaOm Recognizes Check Point Software as a Leader in Innovation in its Application and API Security Report Check Point CloudGuard AppSec (Application Security) stands out for using Preemptive Artificial Intelligence (AI) to proactively block complex zero-day attacks and secure organizations' Cloud Applications - Malware Update | Guideline Cloud | ★★ | |
|
2023-03-10 21:09:16 | Realizing the True Power of Netskope Cloud Exchange (lien direct) | >When I talk to customers and partners about Cloud Threat Exchange (CTE), I immediately say, “I'm not in marketing, and didn't see the future-so I misnamed the module. I should have named it Cloud Data Exchange.” Why do I say this? Because, as Netskope and Cloud Exchange have matured, the number of use cases the […] | Threat Cloud | ★★★ | |
|
2023-03-10 16:24:15 | Cloud : le FinOps et la sécurité d\'abord (lien direct) | Les équipes chargées de la gestion cloud font du contrôle des coûts la principale priorité, devant la sécurité. Une première en une décennie. | Cloud | ★★★ | |
 |
2023-03-10 11:30:18 | Blackbaud to pay $3M for misleading ransomware attack disclosure (lien direct) | Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. [...] | Ransomware Cloud | ★★ | |
|
2023-03-10 11:01:30 | SentinelOne et Wiz annoncent un partenariat exclusif pour proposer une solution de sécurité cloud (lien direct) | SentinelOne et Wiz annoncent un partenariat exclusif pour proposer une solution de sécurité cloud globale Deux entreprises de cybersécurité de premier plan unissent leurs forces pour améliorer la sécurité de leurs clients dans le cloud - Business | Cloud | ★★ | |
|
2023-03-09 11:45:00 | Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security (lien direct) | During the Cloud & Cyber Security Expo, cloud security experts attributed the security shortcomings of cloud users to misconceptions over their responsibility | Cloud | ★★★ | |
 |
2023-03-09 11:00:18 | Is your security team concerned with unmanaged devices? (lien direct) | >Secure all your organization's devices in a few clicks. By Antoine Korulski and Adi Goldshtein Harel CISOs face major challenges in 2023 when defending against threats coming from unmanaged devices, used by third-party service providers, or employee personal devices (BYOD) to access SaaS or corporate web applications. Those attacks have many faces, including stealing sensitive… | Cloud | ★★★ | |
|
2023-03-09 10:08:17 | Retex : pourquoi la Cnav développe son cloud privé (lien direct) | Depuis 2018, la Cnav déploie un cloud privé développé en interne et qui va évoluer vers davantage de services PaaS, la gestion de conteneurs et une offre "infrastructure as a code". Explications avec Bruno Delibanti, directeur des opérations et services informatiques. | Cloud | ★★★ | |
 |
2023-03-08 23:30:00 | CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (lien direct) | The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as... | Malware Threat Cloud | APT 37 | ★★ |
|
2023-03-08 22:24:00 | Edgeless Systems Raises $5M to Advance Confidential Computing (lien direct) | Confidential computing will revolutionize cloud security in the decade to come and has become a top C-level priority for industry leaders such as Google, Intel and Microsoft. Edgeless Systems is leading these advancements to ensure all data is always encrypted. | Guideline Cloud | ★★ | |
|
2023-03-08 22:00:00 | Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks (lien direct) | A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are | Guideline Cloud | ★★ | |
|
2023-03-08 15:15:10 | CVE-2023-26261 (lien direct) | In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. | Guideline Cloud | ||
|
2023-03-08 15:10:00 | Surge in Cloud Adoption Means a Greater Data Attack Surface for Healthcare and Financial Services (lien direct) | Organizations in both industries are falling short when addressing new challenges to protect data in the cloud, finds Blancco report. | Cloud | ★★ | |
|
2023-03-08 15:00:00 | Rising Public Cloud Adoption Is Accelerating Shadow Data Risks (lien direct) | Using a risk-based approach to deal with policy violations and continuous compliance monitoring will help avoid data exposures and fines. | Cloud | ★★ | |
|
2023-03-08 10:52:18 | SentinelOne and Wiz announce exclusive partnership to deliver end to end cloud security (lien direct) | SentinelOne and Wiz announce exclusive partnership to deliver end to end cloud security Leading cybersecurity companies join forces to enhance customers' cloud security - Business News | Guideline Cloud | ★★★ | |
 |
2023-03-07 16:51:12 | CrowdStrike: Attackers focusing on cloud exploits, data theft (lien direct) | >CrowdStrike's new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. | Ransomware Malware Threat Cloud | ★★ | |
|
2023-03-07 16:07:22 | Remcos RAT Spyware Scurries Into Machines via Cloud Servers (lien direct) | Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique. | Cloud | ★★★ | |
|
2023-03-07 13:15:00 | Just 10% of Firms Can Resolve Cloud Threats in an Hour (lien direct) | Tool bloat is making it harder to detect and contain attacks | Tool Cloud | ★★ | |
|
2023-03-07 12:37:23 | Comment Nexity a engagé sa transformation cloud (lien direct) | Le groupe immobilier s'est engagé dans une migration complète de son infrastructure dans le cloud en plusieurs étapes. Témoignage de Laurent Dirson, son directeur des solutions business et des technologies. | Cloud | ★★ | |
 |
2023-03-07 11:00:17 | Cloud-Native Security Survey: Patterns and Tipping Points in New Report (lien direct) | >2023 Cloud security survey offers new data highlighting challenges faced by cloud security professionals and posing risks to application development security. | Cloud | ★★ | |
 |
2023-03-07 11:00:00 | An assessment of ransomware distribution on darknet markets (lien direct) | Ransomware is a form of malicious software (malware) that restricts access to computer files, systems, or networks until a ransom is paid. In essence, an offender creates or purchases ransomware, then uses it to infect the target system. Ransomware is distributed in several ways including, but not limited to, malicious website links, infected USB drives, and phishing emails. Once infected, the offender encrypts the device and demands payment for the decryption key. Figure 1 provides a simplistic overview of the ransomware timeline.
Figure 1. Ransomware timeline.
The earliest recorded case of ransomware was the AIDS Trojan, which was released in the late 1980s. Now, in 2023, ransomware is considered the greatest cybersecurity threat due to the frequency and severity of attacks. In 2021, the Internet Crimes Complaint Center received over 3,000 ransomware reports totaling $49.2 million in losses. These attacks are especially problematic from a national security perspective since hackers aggressively target critical infrastructure such as the healthcare industry, energy sector, and government institutions.
If ransomware has been around for over 40 years, why is it now increasing in popularity? We argue the increase in ransomware attacks can be attributed to the availability of ransomware sold on darknet markets.
Darknet markets
Darknet markets provide a platform for cyber-criminals to buy, sell, and trade illicit goods and services. In a study funded by the Department of Homeland Security, Howell and Maimon found darknet markets generate millions of dollars in revenue selling stolen data products including the malicious software used to infect devices and steal personal identifying information. The University of South Florida’s (USF) Cybercrime Interdisciplinary Behavioral Research (CIBR) sought to expand upon this research. To do this, we extracted cyber-intelligence from darknet markets to provide a threat assessment of ransomware distribution. This report presents an overview of the key findings and the corresponding implications.
Threat assessment
While drugs remain the hottest commodity on darknet markets, our threat intelligence team observed a rise in ransomware (and other hacking services).
The study was conducted from November 2022-February 2023. We began by searching Tor for darknet markets advertising illicit products. In total, we identified 50 active markets: this is more than all prior studies. We then searched for vendors advertising ransomware across these markets, identifying 41 vendors actively selling ransomware products. The number of markets and vendors highlight the availability of ransomware and ease of access. Interestingly, we find more markets than vendors. Ransomware vendors advertise their products on multiple illicit markets, which increases vendor revenue and market resiliency. If one market is taken offline (by law enforcement or hackers), customers can shop with the same vendor across multiple store fronts.
The 41 identified vendors advertised 98 unique ransomware products. This too shows the accessibility of various forms of ransomware readily available for purchase. We extracted the product description, price, and transaction information into a structured database file for analysis. In total, we identified 504 successful transactions (within a 4-month period) with prices ranging from $1-$470. On average, ransomware so |
Ransomware Threat Cloud | ★★ | |
 |
2023-03-06 19:33:22 | An Essential Guide To Threat Modeling Cloud Platform (lien direct) | Threat modeling is a proactive method for locating the points of entry on a system’s attack surface, listing the threats, and putting security measures in place. Its main objective is to guard against security lapses. An illustration of a system’s architecture has always served as the basis for this. Threat modeling technically is not exclusive […] | Threat Cloud | ★★★ | |
|
2023-03-06 18:10:00 | SANS Institute Partners With Google to Launch Cloud Diversity Academy (lien direct) | Pas de details / No more details | Cloud | ★★★ | |
|
2023-03-06 17:21:00 | Experts Reveal Google Cloud Platform\'s Blind Spot for Data Exfiltration Attacks (lien direct) | Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response | Cloud | ★★★ | |
|
2023-03-06 14:03:00 | Vice Society ransomware group claims German university as latest victim (lien direct) |
The Vice Society ransomware group added the Hamburg University of Applied Sciences (HAW Hamburg) to its leak site this weekend following an attack that the institution said took place late last year.
HAW Hamburg is one of several German-speaking institutions with a focus on applied sciences to be targeted by ransomware gangs in recent months.
In [a statement](https://www.haw-hamburg.de/fileadmin/PK/PDF/Infos_Art._34_DS-GVO_final.pdf) sent to all employees and students, the university said the attack was on December 29, describing a ransomware incident without using the term itself. The school has about 16,000 students.
“The attackers worked their way manually from decentralized IT systems via the network to the central IT and security components of HAW Hamburg. They also gained administrative rights to the central storage systems via this attack path and thus compromised the central data storage,” the statement explained.
“With the administrative rights obtained, the encryption of various virtualized platforms and the deletion of saved backups were finally started,” it added.
The university warned that “significant amounts of data from various areas” were copied, including usernames and “cryptographically secured” passwords, email addresses and mobile phone numbers.
Despite describing the compromised passwords as “cryptographically secured” the IT team recommended that students and staff change their passwords “for all internal university applications,” adding “in particular, change your password for Microsoft Teams and avoid using passwords that you have already used before.”
The university said it had to rebuild its IT systems, including the existing Microsoft cloud environment, and was “trying to restore a backup of the email data from the old mail server as of December 14.”
Following the attack, HAW Hamburg's IT security said it had “received several reports from students about attempts to log on to Internet portals such as Amazon and eBay by unauthorized third parties.”
“After reviewing all previous reports, and taking into account the attacker group's previous approach, it can be ruled out that the login attempts are related to the security incident at HAW Hamburg or the attacker group,” the team added.
Back in January the Vice Society ransomware group [claimed responsibility](https://therecord.media/vice-society-ransomware-gang-claims-attack-on-one-of-germanys-largest-universities/) for a November attack against the University of Duisburg-Essen in Germany.
Then in February the University of Zurich, Switzerland's largest university, announced it was the target of a “serious cyberattack,” which a spokesperson described to The Record as “part of a current accumulation of attacks on educational and health institutions.”
The week before, the [Harz University of Applied Sciences](https://www.n-tv.de/regionales/sachsen-anhalt/Hochschule-Harz-nach-digitalem-Angriff-offline-article23885755.html) in Saxony-Anhalt, [Ruhr West University](https://www.hochschule-ruhr-west.de/hrwoffline/), and the [EU/FH European University of Applied Sciences](https://www.eufh.de/hochschule/pressemitteilung) all announced being impacted by cyberattacks.
|
Ransomware Guideline Cloud | ★★ | |
|
2023-03-06 13:48:26 | Les prévisions d\'OpenText Cybersecurity : Les quatre évolutions de la cybercriminalité en 2023 (lien direct) | l'avis d'expert de Mathieu Mondino, Presales Manager chez OpenTextCybersecurity. Il appuie son propos sur les quatres evolutions et innovations majeures de la cybercriminalité en 2023. • Le contexte économique et géopolitique instable • Le flou des résultats sur les moteurs de recherches payants et organiques. • Le stockage massif des données sur le cloud couplé à des appareils personnels de plus en plus intelligents • Les cybercriminels jouent sur les peurs Ces evolutions en matiere de cybercriminalité sont à prendre en considération pour se protéger au mieux. Je reste a votre disposition pour toute demande d'information complémentaire. Bien à vous, - Points de Vue | Cloud | ★★★ | |
 |
2023-03-06 12:06:48 | New National Cybersecurity Strategy (lien direct) | Last week the Biden Administration released a new National Cybersecurity Strategy (summary >here. There is lots of good commentary out there. It’s basically a smart strategy, but the hard parts are always the implementation details. It’s one thing to say that we need to secure our cloud infrastructure, and another to detail what the means technically, who pays for it, and who verifies that it’s been done. One of the provisions getting the most attention is a move to shift liability to software vendors, something I’ve been advocating for since at least 2003... | Cloud | ★★ | |
|
2023-03-06 11:59:20 | 5 certifications cloud qui rapportent plus (lien direct) | Des compétences certifiées AWS, Azure, Google Cloud peuvent doper les parcours et orienter à la hausse les rémunérations d'experts. | Cloud | ★★★ | |
|
2023-03-06 10:05:10 | Securing cloud workloads with Wazuh - an open source, SIEM and XDR platform (lien direct) | Wazuh is a free, open source security platform that offers Unified XDR and SIEM capabilities. Learn how Wazuh detect and defend against security threats targeting cloud environments. [...] | Cloud | ★★★ | |
|
2023-03-06 08:07:03 | (Déjà vu) Ignition Technology announced its distribution agreement with XM Cyber (lien direct) | Ignition Technology, the specialist distribution division of Exclusive Networks announced its distribution agreement with XM Cyber, a specialist in hybrid cloud security, providing automated mitigation of hybrid cyber risk, to expand its footprint in France. - Business News | Cloud | ★★ | |
|
2023-03-06 08:05:15 | Ignition-Technology annonce son accord de distribution avec XM Cyber (lien direct) | Ignition-Technology, la division de distribution spécialisée d'Exclusive Networks annonce son accord de distribution avec XM Cyber, un spécialiste de la sécurité du cloud hybride, fournissant une mitigation automatisée du cyber risque, afin d'étendre sa présence en France. - Business | Cloud | ★★ | |
|
2023-03-06 00:15:10 | CVE-2023-22335 (lien direct) | Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | Vulnerability Cloud | ||
|
2023-03-06 00:15:10 | CVE-2023-22344 (lien direct) | Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | Tool Vulnerability Cloud | ||
|
2023-03-06 00:15:10 | CVE-2023-22336 (lien direct) | Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | Vulnerability Cloud | ||
|
2023-03-04 17:03:00 | Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery (lien direct) | This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees' SaaS usage through a completely free, self-service product that operates on a "freemium" model. If a user is impressed with the solution and wants to gain | Cloud | ★★★★ | |
|
2023-03-03 16:00:00 | Cloud Threats Memo: Multiple Different Cloud Apps Abused in a Single Cyber Espionage Campaign (lien direct) | >Threat actors continue to exploit cloud services for cyber espionage, and a new campaign by a threat cluster named WIP26, discovered recently by researchers at Sentinel One in collaboration with QGroup, targeting telecommunication providers in the Middle East, confirms this trend. In particular what makes this campaign stand out is the abuse of multiple cloud […] | Threat Cloud | ★★★ | |
|
2023-03-03 15:00:00 | It\'s Time to Assess the Potential Dangers of an Increasingly Connected World (lien direct) | With critical infrastructures ever more dependent on the cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack. | Cloud | ★★★ | |
|
2023-03-03 01:33:06 | Highlights from the New U.S. Cybersecurity Strategy (lien direct) | The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and names China as the single biggest cyber threat to U.S. interests. | Threat Cloud | ★★★ |
To see everything:
Our RSS (filtrered)
