This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T20:58:08+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers]]> 2024-07-18T15:03:00+00:00 https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html www.secnews.physaphae.fr/article.php?IdArticle=8539491 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and]]> 2024-07-16T16:30:00+00:00 https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8538131 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T\'s wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated]]> 2024-07-13T11:21:00+00:00 https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html www.secnews.physaphae.fr/article.php?IdArticle=8536176 False Data Breach,Threat,Mobile,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed]]> 2024-07-08T21:12:00+00:00 https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8532915 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020. The 840 Mpps DDoS attack is said to have been a combination of a TCP]]> 2024-07-05T17:50:00+00:00 https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html www.secnews.physaphae.fr/article.php?IdArticle=8531137 False Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users\' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters]]> 2024-07-04T09:07:00+00:00 https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8530308 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The modern kill chain is eluding enterprises because they aren\'t protecting the infrastructure of modern business: SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven\'t revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem]]> 2024-06-28T16:30:00+00:00 https://thehackernews.com/2024/06/combatting-evolving-saas-kill-chain-how.html www.secnews.physaphae.fr/article.php?IdArticle=8527144 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing\'s research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and]]> 2024-06-27T17:10:00+00:00 https://thehackernews.com/2024/06/the-secrets-of-hidden-ai-training-on.html www.secnews.physaphae.fr/article.php?IdArticle=8526554 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version]]> 2024-06-24T19:22:00+00:00 https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html www.secnews.physaphae.fr/article.php?IdArticle=8524700 False Tool,Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in]]> 2024-06-18T16:53:00+00:00 https://thehackernews.com/2024/06/the-annual-saas-security-report-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8520400 False Prediction,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that\'s capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, cloud analytics platform Datadog]]> 2024-06-18T15:11:00+00:00 https://thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html www.secnews.physaphae.fr/article.php?IdArticle=8520366 False Malware,Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could]]> 2024-06-18T13:54:00+00:00 https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8520309 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don\'t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial]]> 2024-06-13T17:00:00+00:00 https://thehackernews.com/2024/06/why-saas-security-is-suddenly-hot.html www.secnews.physaphae.fr/article.php?IdArticle=8517164 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that\'s designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI (]]> 2024-06-11T15:40:00+00:00 https://thehackernews.com/2024/06/apple-integrates-openais-chatgpt-into.html www.secnews.physaphae.fr/article.php?IdArticle=8517179 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the cloud data warehousing platform in its incident response efforts, is tracking the]]> 2024-06-11T12:22:00+00:00 https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html www.secnews.physaphae.fr/article.php?IdArticle=8517181 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center (]]> 2024-06-10T16:50:00+00:00 https://thehackernews.com/2024/06/azure-service-tags-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8516275 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of]]> 2024-06-05T16:30:00+00:00 https://thehackernews.com/2024/06/unpacking-2024s-saas-threat-predictions.html www.secnews.physaphae.fr/article.php?IdArticle=8513617 False Threat,Studies,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake\'s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant. "We have not identified]]> 2024-06-04T15:58:00+00:00 https://thehackernews.com/2024/06/snowflake-warns-targeted-credential.html www.secnews.physaphae.fr/article.php?IdArticle=8512936 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers," the Identity and access management (IAM) services provider said. The]]> 2024-05-30T12:22:00+00:00 https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html www.secnews.physaphae.fr/article.php?IdArticle=8509848 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and] leverages Azure cloud as command-and-control (C2) infrastructure," French cybersecurity company HarfangLab]]> 2024-05-29T20:28:00+00:00 https://thehackernews.com/2024/05/brazilian-banks-targeted-by-new.html www.secnews.physaphae.fr/article.php?IdArticle=8509349 False Malware,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.  Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for]]> 2024-05-29T17:01:00+00:00 https://thehackernews.com/2024/05/new-research-warns-about-weak.html www.secnews.physaphae.fr/article.php?IdArticle=8509280 False Studies,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of]]> 2024-05-27T17:16:00+00:00 https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8507797 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.]]> 2024-05-24T16:05:00+00:00 https://thehackernews.com/2024/05/devops-dilemma-how-can-cisos-regain.html www.secnews.physaphae.fr/article.php?IdArticle=8506073 False Ransomware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are valid and necessary conversations for technology organizations of all shapes]]> 2024-05-23T16:44:00+00:00 https://thehackernews.com/2024/05/are-your-saas-backups-as-secure-as-your.html www.secnews.physaphae.fr/article.php?IdArticle=8505402 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against]]> 2024-05-22T15:31:00+00:00 https://thehackernews.com/2024/05/the-ultimate-saas-security-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8504670 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads," Securonix]]> 2024-05-21T19:49:00+00:00 https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.html www.secnews.physaphae.fr/article.php?IdArticle=8504105 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining]]> 2024-05-17T22:50:00+00:00 https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html www.secnews.physaphae.fr/article.php?IdArticle=8501763 False Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While cloud adoption has been top of mind for many IT professionals for nearly a decade, it\'s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure]]> 2024-05-15T16:25:00+00:00 https://thehackernews.com/2024/05/its-time-to-master-lift-shift-migrating.html www.secnews.physaphae.fr/article.php?IdArticle=8500129 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained]]> 2024-05-10T13:11:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8497059 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user\'s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of]]> 2024-05-08T19:48:00+00:00 https://thehackernews.com/2024/05/a-saas-security-challenge-getting.html www.secnews.physaphae.fr/article.php?IdArticle=8495969 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.]]> 2024-05-08T16:28:00+00:00 https://thehackernews.com/2024/05/the-fundamentals-of-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8495846 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was]]> 2024-05-07T18:55:00+00:00 https://thehackernews.com/2024/05/apt42-hackers-pose-as-journalists-to.html www.secnews.physaphae.fr/article.php?IdArticle=8495241 False Cloud APT 42 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.]]> 2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.]]> 2024-05-03T16:12:00+00:00 https://thehackernews.com/2024/05/new-guide-explains-how-to-eliminate.html www.secnews.physaphae.fr/article.php?IdArticle=8492915 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "]]> 2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent]]> 2024-05-02T10:34:00+00:00 https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html www.secnews.physaphae.fr/article.php?IdArticle=8492194 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here\'s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let\'s discuss why]]> 2024-04-19T16:38:00+00:00 https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8485252 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The introduction of Open AI\'s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,]]> 2024-04-17T16:37:00+00:00 https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8484090 False Tool,Cloud ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in]]> 2024-04-16T18:56:00+00:00 https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html www.secnews.physaphae.fr/article.php?IdArticle=8483499 False Tool,Vulnerability,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground]]> 2024-04-16T16:40:00+00:00 https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html www.secnews.physaphae.fr/article.php?IdArticle=8483393 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat]]> 2024-04-15T18:59:00+00:00 https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html www.secnews.physaphae.fr/article.php?IdArticle=8482752 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud]]> 2024-04-05T12:45:00+00:00 https://thehackernews.com/2024/04/researchers-identify-multiple-china.html www.secnews.physaphae.fr/article.php?IdArticle=8476377 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What\'s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto]]> 2024-04-02T16:57:00+00:00 https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8474584 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the]]> 2024-03-28T16:30:00+00:00 https://thehackernews.com/2024/03/behind-scenes-art-of-safeguarding-non.html www.secnews.physaphae.fr/article.php?IdArticle=8471965 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (]]> 2024-03-27T16:26:00+00:00 https://thehackernews.com/2024/03/sase-solutions-fall-short-without.html www.secnews.physaphae.fr/article.php?IdArticle=8471300 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that\'s used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP]]> 2024-03-21T18:18:00+00:00 https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html www.secnews.physaphae.fr/article.php?IdArticle=8467923 False Malware,Tool,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That\'s why effective vendor risk management (VRM) is a]]> 2024-03-21T17:00:00+00:00 https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8467864 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings significant challenges, especially in security integration. Despite their powerful capabilities,]]> 2024-03-20T16:57:00+00:00 https://thehackernews.com/2024/03/generative-ai-security-secure-your.html www.secnews.physaphae.fr/article.php?IdArticle=8467286 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Being a CISO is a balancing act: ensuring organizations are secure without compromising users\' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are]]> 2024-03-14T15:54:00+00:00 https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html www.secnews.physaphae.fr/article.php?IdArticle=8463709 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to]]> 2024-03-13T16:03:00+00:00 https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html www.secnews.physaphae.fr/article.php?IdArticle=8463115 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can\'t be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands]]> 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/embracing-cloud-revolutionizing.html www.secnews.physaphae.fr/article.php?IdArticle=8462169 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web]]> 2024-03-11T17:03:00+00:00 https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8462119 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.  Not]]> 2024-03-07T16:41:00+00:00 https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8460285 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using]]> 2024-03-05T16:25:00+00:00 https://thehackernews.com/2024/03/what-is-exposure-management-and-how.html www.secnews.physaphae.fr/article.php?IdArticle=8459271 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the]]> 2024-02-27T16:04:00+00:00 https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html www.secnews.physaphae.fr/article.php?IdArticle=8455808 False Threat,Cloud APT 29 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious]]> 2024-02-26T15:21:00+00:00 https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html www.secnews.physaphae.fr/article.php?IdArticle=8455339 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can\'t possibly become experts in the nuances of the native]]> 2024-02-21T17:00:00+00:00 https://thehackernews.com/2024/02/6-ways-to-simplify-saas-identity.html www.secnews.physaphae.fr/article.php?IdArticle=8453182 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a]]> 2024-02-20T16:23:00+00:00 https://thehackernews.com/2024/02/saas-compliance-through-nist.html www.secnews.physaphae.fr/article.php?IdArticle=8452677 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study]]> 2024-02-15T17:00:00+00:00 https://thehackernews.com/2024/02/how-nation-state-actors-target-your.html www.secnews.physaphae.fr/article.php?IdArticle=8450383 False Vulnerability,Studies,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches - safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and]]> 2024-02-13T16:40:00+00:00 https://thehackernews.com/2024/02/midnight-blizzard-and-cloudflare.html www.secnews.physaphae.fr/article.php?IdArticle=8449550 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and]]> 2024-02-09T13:10:00+00:00 https://thehackernews.com/2024/02/wazuh-in-cloud-era-navigating.html www.secnews.physaphae.fr/article.php?IdArticle=8448293 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic]]> 2024-02-06T16:23:00+00:00 https://thehackernews.com/2024/02/how-10b-enterprise-customer-drastically.html www.secnews.physaphae.fr/article.php?IdArticle=8447245 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy\'s cybersecurity strategies, represents a major]]> 2024-02-02T16:00:00+00:00 https://thehackernews.com/2024/02/cloudzy-elevates-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8445948 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The SEC isn\'t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the]]> 2024-01-31T16:30:00+00:00 https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html www.secnews.physaphae.fr/article.php?IdArticle=8445135 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s digital world, security risks are more prevalent than ever, especially when it comes to Software as a Service (SaaS) applications. Did you know that an alarming 97% of companies face serious risks from unsecured SaaS applications?Moreover, about 20% of these organizations are struggling with internal data threats. These statistics aren\'t just numbers; they\'re a wake-up call. We\'re]]> 2024-01-29T17:03:00+00:00 https://thehackernews.com/2024/01/493-companies-share-their-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8444393 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise\'s (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"]]> 2024-01-25T11:18:00+00:00 https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html www.secnews.physaphae.fr/article.php?IdArticle=8442828 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In]]> 2024-01-24T19:55:00+00:00 https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html www.secnews.physaphae.fr/article.php?IdArticle=8442574 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world\'s first and only solution to address]]> 2024-01-24T16:54:00+00:00 https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html www.secnews.physaphae.fr/article.php?IdArticle=8442514 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are]]> 2024-01-18T22:01:00+00:00 https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html www.secnews.physaphae.fr/article.php?IdArticle=8440348 False Malware,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI]]> 2024-01-17T19:00:00+00:00 https://thehackernews.com/2024/01/combating-ip-leaks-into-ai-applications.html www.secnews.physaphae.fr/article.php?IdArticle=8439910 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud]]> 2024-01-13T15:31:00+00:00 https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html www.secnews.physaphae.fr/article.php?IdArticle=8438571 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various]]> 2024-01-11T19:30:00+00:00 https://thehackernews.com/2024/01/new-python-based-fbot-hacking-toolkit.html www.secnews.physaphae.fr/article.php?IdArticle=8437897 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees]]> 2024-01-09T16:57:00+00:00 https://thehackernews.com/2024/01/why-public-links-expose-your-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8437106 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It\'s currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@]]> 2024-01-04T11:59:00+00:00 https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html www.secnews.physaphae.fr/article.php?IdArticle=8434203 False Hack,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised]]> 2024-01-03T16:16:00+00:00 https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html www.secnews.physaphae.fr/article.php?IdArticle=8433615 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,]]> 2024-01-02T15:31:00+00:00 https://thehackernews.com/2024/01/the-definitive-enterprise-browser.html www.secnews.physaphae.fr/article.php?IdArticle=8432862 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to]]> 2023-12-28T18:50:00+00:00 https://thehackernews.com/2023/12/google-cloud-resolves-privilege.html www.secnews.physaphae.fr/article.php?IdArticle=8430294 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB\'s formal exit from Russia earlier this year. Cloud Atlas, active since at]]> 2023-12-25T13:17:00+00:00 https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8428716 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general]]> 2023-12-18T20:10:00+00:00 https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html www.secnews.physaphae.fr/article.php?IdArticle=8424859 False Prediction,Medical,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables]]> 2023-12-06T19:08:00+00:00 https://thehackernews.com/2023/12/alert-threat-actors-can-leverage-aws.html www.secnews.physaphae.fr/article.php?IdArticle=8419566 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn\'t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how]]> 2023-12-04T17:08:00+00:00 https://thehackernews.com/2023/12/make-fresh-start-for-2024-clean-out.html www.secnews.physaphae.fr/article.php?IdArticle=8418989 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first...  What exactly is]]> 2023-11-30T17:25:00+00:00 https://thehackernews.com/2023/11/this-free-solution-provides-essential.html www.secnews.physaphae.fr/article.php?IdArticle=8418052 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access," Arctic Wolf]]> 2023-11-30T16:46:00+00:00 https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html www.secnews.physaphae.fr/article.php?IdArticle=8418040 False Ransomware,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company said in a statement shared with The Hacker News. "All Okta Workforce Identity Cloud (WIC) and Customer]]> 2023-11-29T11:48:00+00:00 https://thehackernews.com/2023/11/okta-discloses-additional-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8417712 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra\'s DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud.]]> 2023-11-28T18:20:00+00:00 https://thehackernews.com/2023/11/transform-your-data-security-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8417498 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host]]> 2023-11-27T23:27:00+00:00 https://thehackernews.com/2023/11/how-to-handle-retail-saas-security-on.html www.secnews.physaphae.fr/article.php?IdArticle=8417295 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT\'s meteoric rise to 100 million users within 60 days of launch, especially with little]]> 2023-11-22T16:38:00+00:00 https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html www.secnews.physaphae.fr/article.php?IdArticle=8415868 False Tool,Cloud ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Today\'s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that,]]> 2023-11-20T16:32:00+00:00 https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8414825 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In 2023, the cloud isn\'t just a technology-it\'s a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: \'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.\' Join us for an]]> 2023-11-17T16:00:00+00:00 https://thehackernews.com/2023/11/discover-2023s-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8413333 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access]]> 2023-11-16T16:48:00+00:00 https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html www.secnews.physaphae.fr/article.php?IdArticle=8412835 False Ransomware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with]]> 2023-11-15T09:48:00+00:00 https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8412202 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing]]> 2023-11-13T17:05:00+00:00 https://thehackernews.com/2023/11/top-5-marketing-tech-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8410967 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution]]> 2023-11-09T16:24:00+00:00 https://thehackernews.com/2023/11/when-email-security-meets-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8408438 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization\'s SaaS app stack and data within is paramount. Yet, the path to implementing an effective SaaS security program is not]]> 2023-11-08T14:48:00+00:00 https://thehackernews.com/2023/11/webinar-kickstarting-your-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8407763 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP)," cloud]]> 2023-11-03T18:42:00+00:00 https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html www.secnews.physaphae.fr/article.php?IdArticle=8405322 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees\' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter]]> 2023-11-02T14:54:00+00:00 https://thehackernews.com/2023/11/saas-security-is-now-accessible-and.html www.secnews.physaphae.fr/article.php?IdArticle=8404604 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The browser has become the main work interface in modern enterprises. It\'s where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine. Additionally,]]> 2023-11-01T17:23:00+00:00 https://thehackernews.com/2023/11/hands-on-review-layerxs-enterprise.html www.secnews.physaphae.fr/article.php?IdArticle=8404093 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it\'s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other]]> 2023-10-30T17:39:00+00:00 https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html www.secnews.physaphae.fr/article.php?IdArticle=8402826 False Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are]]> 2023-10-18T17:12:00+00:00 https://thehackernews.com/2023/10/qubitstrike-targets-jupyter-notebooks.html www.secnews.physaphae.fr/article.php?IdArticle=8397239 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said. "The data was used for registration purposes back then. So far, no]]> 2023-10-18T09:11:00+00:00 https://thehackernews.com/2023/10/d-link-confirms-data-breach-employee.html www.secnews.physaphae.fr/article.php?IdArticle=8397062 False Data Breach,Cloud None 2.0000000000000000