What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-21 17:20:00 | 14 Kubernetes et défis de sécurité cloud et comment les résoudre 14 Kubernetes and Cloud Security Challenges and How to Solve Them (lien direct) |
protéger leurs actifs numériques.
En réponse, les hauts-mèmes, le premier
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first |
Cloud | Uber | ★★ |
|
2023-04-20 19:23:00 | Deux défauts critiques trouvés dans les bases de données postgresql d'Alibaba Cloud \\ Two Critical Flaws Found in Alibaba Cloud\\'s PostgreSQL Databases (lien direct) |
Une chaîne de deux défauts critiques a été divulguée dans les RD Apsaradb d'Alibaba Cloud \\ pour PostgreSQL et AnalyticDB pour PostgreSQL qui pourraient être exploités pour briser les protections d'isolement des locataires et accéder aux données sensibles à d'autres clients.
"Les vulnérabilités ont potentiellement permis un accès non autorisé aux bases de données Alibaba Cloud \\ 'Postgresql et la possibilité d'effectuer une chaîne d'approvisionnement
A chain of two critical flaws has been disclosed in Alibaba Cloud\'s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers\' PostgreSQL databases and the ability to perform a supply chain |
Cloud | ★★★ | |
|
2023-04-19 16:02:00 | Découvrir (et comprendre) les risques cachés des applications SaaS Uncovering (and Understanding) the Hidden Risks of SaaS Apps (lien direct) |
Les violations de données récentes entre Circleci, Lastpass et Okta soulignent un thème commun: les piles de SaaS Enterprise connectées à ces applications de pointe peuvent être très risquées de compromis.
Circleci, par exemple, joue un rôle intégral et SaaS-SAAS pour le développement d'applications SaaS.De même, des dizaines de milliers d'organisations comptent sur les rôles de sécurité Okta et LastPass pour l'identité et l'accès SaaS
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access |
Cloud | LastPass LastPass | ★★ |
|
2023-04-17 19:02:00 | Quelle est la différence entre CSPM & SSPM? What\\'s the Difference Between CSPM & SSPM? (lien direct) |
La gestion de la posture de sécurité du cloud (CSPM) et la gestion de la posture de sécurité SaaS (SSPM) sont souvent confondues.Nonobstant la similitude des acronymes, les deux solutions de sécurité se concentrent sur la sécurisation des données dans le cloud.Dans un monde où les termes sont le nuage et le SaaS sont utilisés de manière interchangeable, cette confusion est compréhensible.
Cette confusion, cependant, est dangereuse pour les organisations qui doivent sécuriser
Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure |
Cloud | ★★★ | |
|
2023-04-08 12:49:00 | Des pirates basés en Iran ont surpris en train de mener des attaques destructrices sous une forme de ransomware Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (lien direct) |
Le groupe iranien de l'État-nation connu sous le nom de Muddywater a été observé pour effectuer des attaques destructrices contre des environnements hybrides sous le couvert d'une opération de ransomware.
Cela \\ est selon les nouvelles conclusions de l'équipe Microsoft Threat Intelligence, qui a découvert l'acteur de menace ciblant à la fois sur site et les infrastructures cloud
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That\'s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed |
Ransomware Threat Cloud | ★★★ | |
|
2023-04-04 15:24:00 | Réfléchissez avant de partager le lien: SaaS dans le monde réel Think Before You Share the Link: SaaS in the Real World (lien direct) |
La collaboration se situe à l'essence des applications SaaS.Le mot, ou une forme de celui-ci, apparaît dans les deux premiers titres de la page d'accueil de Google Workspace \\.Il peut être trouvé six fois sur la page d'accueil de Microsoft 365 \\, trois fois sur la boîte et une fois la journée de travail.Visitez presque tous les sites SaaS, et les chances sont \\ 'La collaboration \' apparaîtra dans le cadre du point de vente clé de l'application.
En s'asseyant sur le cloud, contenu à l'intérieur
Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace\'s homepage. It can be found six times on Microsoft 365\'s homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are \'collaboration\' will appear as part of the app\'s key selling point. By sitting on the cloud, content within |
Cloud | ★★ | |
|
2023-04-01 14:03:00 | Microsoft corrige la nouvelle vulnérabilité Azure AD impactant la recherche Bing et les principales applications [Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps] (lien direct) | Microsoft a corrigé un problème de mauvaise configuration ayant un impact sur le service d'identité et de gestion d'accès Azure Active Directory (AAD) qui a exposé plusieurs applications "à fort impact" à un accès non autorisé.
"L'une de ces applications est un système de gestion de contenu (CMS) qui alimente Bing.com et nous a permis non seulement de modifier les résultats de la recherche, mais également de lancer des attaques XSS à fort impact contre les utilisateurs de Bing"
Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security |
Vulnerability Cloud | ★★ | |
|
2023-03-30 16:47:00 | Cyberstorage: tirez parti du multi-cloud pour lutter contre l'exfiltration des données [Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration] (lien direct) | Le stockage de données multi-cloud, une fois simplement un sous-produit de la grande migration du cloud, est devenu une stratégie de gestion des données.«Multi-Cloud by Design», et son compagnon The Supercloud, est un écosystème dans lequel plusieurs systèmes cloud travaillent ensemble pour offrir de nombreux avantages organisationnels, notamment une échelle accrue et une résilience globale. Et maintenant, même les équipes de sécurité qui sont depuis longtemps le retenue
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency.And now, even security teams who have long been the holdout |
Cloud | ★★★ | |
|
2023-03-30 15:38:00 | Alienfox Malware cible les clés API et les secrets des services AWS, Google et Microsoft Cloud [AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services] (lien direct) | Un nouveau "ensemble d'outils complet" appelé Alienfox est distribué sur Telegram comme moyen pour les acteurs de menace de récolter les informations d'identification des clés d'API et des secrets des fournisseurs de services cloud populaires.
"La propagation d'Alienfox représente une tendance non déclarée vers l'attaque des services cloud plus minimaux, inapproprié pour l'exploitation cryptographique, afin d'activer et d'étendre les campagnes ultérieures", Sentinelone Security
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security |
Malware Threat Prediction Cloud | ★★★ | |
|
2023-03-27 16:26:00 | Où SSO ne fait plus que le SaaS protégeant [Where SSO Falls Short in Protecting SaaS] (lien direct) | Single Sign-On (SSO) est une méthode d'authentification qui permet aux utilisateurs d'authentifier leur identité pour plusieurs applications avec un seul ensemble d'identification.Du point de vue de la sécurité, SSO est l'étalon-or.Il garantit l'accès sans forcer les utilisateurs à se souvenir de plusieurs mots de passe et peut être encore sécurisé avec MFA.En outre, environ 61% des attaques proviennent de références volées.Par
Single sign-on (SSO) is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be further secured with MFA. Furthermore, an estimated 61% of attacks stem from stolen credentials. By |
Cloud | ★★ | |
|
2023-03-24 17:13:00 | Webinaire Thn: à l'intérieur du risque élevé des applications SaaS 3rd-partie [THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps] (lien direct) | Toute application qui peut améliorer les opérations commerciales est rapidement ajoutée à la pile SaaS.Cependant, les employés ne se rendent pas compte que cette connectivité SaaS-SAAS, qui se déroule généralement en dehors de la vue de l'équipe de sécurité, augmente considérablement les risques.
Que les employés se connectent via Microsoft 365, Google Workspace, Slack, Salesforce ou toute autre application, les équipes de sécurité n'ont aucun moyen de quantifier leur
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don\'t realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their |
General Information Cloud | ★★★ | |
|
2023-03-22 17:54:00 | Arsenal évolutif de Scarcruft \\: les chercheurs révèlent de nouvelles techniques de distribution de logiciels malveillants [ScarCruft\\'s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques] (lien direct) | L'acteur de menace persistante avancée nord-coréenne (APT) surnommé Scarcruft utilise des fichiers HTML (CHM) compilés compilés par Microsoft armé pour télécharger des logiciels malveillants supplémentaires.
Selon plusieurs rapports d'Ahnlab Security Emergency Response Center (ASEC), de Sekoia.io et de Zscaler, les résultats illustrent les efforts continus du groupe pour affiner et réorganiser ses tactiques pour contourner la détection.
"
The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler, the findings are illustrative of the group\'s continuous efforts to refine and retool its tactics to sidestep detection. " |
Malware Threat General Information Cloud | APT 37 | ★★ |
|
2023-03-17 16:16:00 | A New Security Category Addresses Web-borne Threats (lien direct) | In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of | General Information Cloud | ★★★ | |
|
2023-03-13 17:53:00 | How to Apply NIST Principles to SaaS in 2023 (lien direct) | The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed | Cloud | ★★★ | |
|
2023-03-08 22:00:00 | Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks (lien direct) | A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are | Guideline Cloud | ★★ | |
|
2023-03-06 17:21:00 | Experts Reveal Google Cloud Platform\'s Blind Spot for Data Exfiltration Attacks (lien direct) | Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response | Cloud | ★★★ | |
|
2023-03-04 17:03:00 | Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery (lien direct) | This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees' SaaS usage through a completely free, self-service product that operates on a "freemium" model. If a user is impressed with the solution and wants to gain | Cloud | ★★★★ | |
|
2023-03-02 19:10:00 | Hackers Exploit Containerized Environments to Steals Proprietary Data and Software (lien direct) | A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials," Sysdig said in a new report. The advanced cloud attack also entailed the | Cloud | ★★★★ | |
|
2023-03-02 17:05:00 | 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (lien direct) | As a primary working interface, the browser plays a significant role in today's corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing | Cloud | ★★★ | |
|
2023-02-27 20:09:00 | Shocking Findings from the 2023 Third-Party App Access Report (lien direct) | Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don't even realize | Cloud | ★★★★ | |
|
2023-02-24 19:31:00 | How to Tackle the Top SaaS Challenges of 2023 (lien direct) | Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a goldmine for hackers. But don't panic just yet. With the right knowledge and tools, you can protect your company's | Cloud | ★★★ | |
|
2023-02-15 20:29:00 | North Korea\'s APT37 Targeting Southern Counterpart with New M2RAT Malware (lien direct) | The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and | Malware Threat Cloud | APT 38 APT 37 | ★★ |
|
2022-12-08 13:29:00 | Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers (lien direct) | An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is | Vulnerability Threat Cloud | APT 37 | ★★★ |
|
2022-12-01 00:00:00 | North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets (lien direct) | The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing | Threat Cloud | APT 37 | ★★ |
|
2022-06-24 03:40:50 | Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (lien direct) | A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat | Malware Cloud | APT 37 | |
|
2022-06-17 06:12:54 | Researchers Uncover \'Hermit\' Android Spyware Used in Kazakhstan, Syria, and Italy (lien direct) | An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front | Cloud | APT 37 | |
|
2022-04-26 02:53:07 | North Korean Hackers Target Journalists with GOLDBACKDOOR Malware (lien direct) | A state-backed threat actor with ties to the Democratic People's Republic of Korea (DRPK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an | Malware Threat Cloud | APT 37 | |
|
2021-12-07 22:33:02 | Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices (lien direct) | Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the | Malware Cloud | APT 37 | |
|
2021-11-29 05:14:10 | New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists (lien direct) | North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper | Threat Cloud | APT 37 APT 37 | |
|
2021-08-18 01:33:33 | NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (lien direct) | A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.
Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the |
Malware Threat Cloud | APT 37 | |
|
2021-01-08 01:54:44 | ALERT: North Korean hackers targeting South Korea with RokRat Trojan (lien direct) | A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government.
Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT).
"The |
Tool Cloud | APT 37 | |
|
2020-11-03 03:49:37 | New Kimsuky Module Makes North Korean Spyware More Powerful (lien direct) | A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities.
The APT - dubbed "Kimsuky" (aka Black Banshee or Thallium) and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, |
Threat Cloud | APT 37 | |
|
2017-10-21 00:49:26 | New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet (lien direct) | Just a year after Mirai-biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks-completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet.
Dubbed 'IoT_reaper,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits
|
Cloud | APT 37 |
To see everything:
Our RSS (filtrered)
