This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:40:52+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there\'s a problem: they stop short of where the most sensitive user activity actually happens-the browser. This isn\'t a small omission. It\'s a structural]]> 2025-05-07T16:26:00+00:00 https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html www.secnews.physaphae.fr/article.php?IdArticle=8672730 False Legislation,Cloud,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these \'plug-and-play\' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team]]> 2025-05-06T16:35:00+00:00 https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html www.secnews.physaphae.fr/article.php?IdArticle=8672256 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role - managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also]]> 2025-05-06T15:30:00+00:00 https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html www.secnews.physaphae.fr/article.php?IdArticle=8672235 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the]]> 2025-04-28T14:37:00+00:00 https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html www.secnews.physaphae.fr/article.php?IdArticle=8668906 False Malware,Tool,Threat,Prediction,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that]]> 2025-04-27T10:32:00+00:00 https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html www.secnews.physaphae.fr/article.php?IdArticle=8668420 False Tool,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that\'s based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which]]> 2025-04-22T19:36:00+00:00 https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html www.secnews.physaphae.fr/article.php?IdArticle=8666189 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware\'s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.]]> 2025-04-22T16:30:00+00:00 https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html www.secnews.physaphae.fr/article.php?IdArticle=8666111 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Your employees didn\'t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal-until it is. If this sounds familiar, you\'re not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And]]> 2025-04-18T15:15:00+00:00 https://thehackernews.com/2025/04/webinar-ai-is-already-inside-your-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8664414 False Tool,Cloud ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and]]> 2025-04-16T16:00:00+00:00 https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html www.secnews.physaphae.fr/article.php?IdArticle=8663471 False Hack,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps - but in job offers, hardware, and cloud services we rely on every day. Hackers don\'t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough. This week,]]> 2025-04-07T16:55:00+00:00 https://thehackernews.com/2025/04/weekly-recap-vpn-exploits-oracles.html www.secnews.physaphae.fr/article.php?IdArticle=8660729 False Malware,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact]]> 2025-04-02T19:18:00+00:00 https://thehackernews.com/2025/04/google-fixed-cloud-run-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8659841 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Every week, someone somewhere slips up-and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights-and the unexpected]]> 2025-03-31T16:55:00+00:00 https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html www.secnews.physaphae.fr/article.php?IdArticle=8659376 False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) If you\'re using AWS, it\'s easy to assume your cloud security is handled - but that\'s a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer\'s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it\'s up to the customer to handle the locks, install the alarm systems,]]> 2025-03-31T16:30:00+00:00 https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html www.secnews.physaphae.fr/article.php?IdArticle=8659377 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Whether it\'s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why]]> 2025-03-27T16:55:00+00:00 https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8658553 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Organizations now use an average of 112 SaaS applications-a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that\'s just one major SaaS provider.]]> 2025-03-25T16:30:00+00:00 https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html www.secnews.physaphae.fr/article.php?IdArticle=8658076 False Studies,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity isn\'t just another checkbox on your business agenda. It\'s a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365\'s approach, offers a framework for comprehending and implementing effective cybersecurity]]> 2025-03-20T16:55:00+00:00 https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8656927 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small]]> 2025-03-19T16:00:00+00:00 https://thehackernews.com/2025/03/5-identity-threat-detection-response.html www.secnews.physaphae.fr/article.php?IdArticle=8656657 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is]]> 2025-03-18T19:30:00+00:00 https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html www.secnews.physaphae.fr/article.php?IdArticle=8656479 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider\'s storage security controls and default settings. “In just the past few months, I have witnessed two different methods for]]> 2025-03-17T16:30:00+00:00 https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8656206 False Ransomware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages]]> 2025-03-15T11:25:00+00:00 https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8655862 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become]]> 2025-03-13T16:30:00+00:00 https://thehackernews.com/2025/03/bcdr-2025-trends-and-challenges-for-msps-and-it-teams.html www.secnews.physaphae.fr/article.php?IdArticle=8655528 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cyber threats today don\'t just evolve-they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds-ranging from nation-state espionage and ransomware to manipulated AI chatbots-the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our]]> 2025-03-10T15:16:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-new-attacks-old-tricks.html www.secnews.physaphae.fr/article.php?IdArticle=8654845 False Ransomware,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to]]> 2025-03-07T11:10:00+00:00 https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html www.secnews.physaphae.fr/article.php?IdArticle=8654464 False Hack,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity-the gateway to enterprise security and the number one attack vector]]> 2025-03-05T16:30:00+00:00 https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html www.secnews.physaphae.fr/article.php?IdArticle=8653816 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday]]> 2025-02-25T11:21:00+00:00 https://thehackernews.com/2025/02/fatalrat-phishing-attacks-target-apac.html www.secnews.physaphae.fr/article.php?IdArticle=8650740 False Malware,Threat,Industrial,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology\'s (NIST) post-quantum cryptography (PQC)]]> 2025-02-24T16:47:00+00:00 https://thehackernews.com/2025/02/google-cloud-kms-adds-quantum-safe.html www.secnews.physaphae.fr/article.php?IdArticle=8650473 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Welcome to this week\'s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack]]> 2025-02-17T14:49:00+00:00 https://thehackernews.com/2025/02/thn-weekly-recap-google-secrets-stolen.html www.secnews.physaphae.fr/article.php?IdArticle=8648690 False Hack,Threat,Cloud,Technical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy]]> 2025-02-12T11:27:00+00:00 https://thehackernews.com/2025/02/ivanti-patches-critical-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8648158 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket-each one seems minor until it becomes the entry point for an attack. This week, we\'ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question]]> 2025-02-10T17:43:00+00:00 https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity_10.html www.secnews.physaphae.fr/article.php?IdArticle=8647855 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let\'s take a]]> 2025-02-04T16:30:00+00:00 https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8646787 False Prediction,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what\'s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker\'s perspective has never been more important. In this]]> 2025-02-03T16:30:00+00:00 https://thehackernews.com/2025/02/what-is-attack-surface-management.html www.secnews.physaphae.fr/article.php?IdArticle=8646481 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company\'s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged]]> 2025-02-01T12:10:00+00:00 https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html www.secnews.physaphae.fr/article.php?IdArticle=8645584 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this]]> 2025-01-24T16:30:00+00:00 https://thehackernews.com/2025/01/insights-from-2025-saas-backup-and-recovery-report.html www.secnews.physaphae.fr/article.php?IdArticle=8642019 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant\'s cloud division said in its 11th]]> 2025-01-23T11:05:00+00:00 https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html www.secnews.physaphae.fr/article.php?IdArticle=8641413 False Ransomware,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have]]> 2025-01-22T16:01:00+00:00 https://thehackernews.com/2025/01/discover-hidden-browsing-threats-free.html www.secnews.physaphae.fr/article.php?IdArticle=8641026 False Tool,Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Every week seems to bring news of another data breach, and it\'s no surprise why: securing sensitive data has become harder than ever. And it\'s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting]]> 2025-01-20T16:40:00+00:00 https://thehackernews.com/2025/01/product-walkthrough-how-satori.html www.secnews.physaphae.fr/article.php?IdArticle=8640122 False Data Breach,Cloud Satori 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,]]> 2025-01-15T17:56:00+00:00 https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8637703 False Tool,Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party]]> 2025-01-14T15:38:00+00:00 https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html www.secnews.physaphae.fr/article.php?IdArticle=8637075 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it\'s currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in]]> 2025-01-13T19:03:00+00:00 https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html www.secnews.physaphae.fr/article.php?IdArticle=8636752 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a]]> 2025-01-09T17:25:00+00:00 https://thehackernews.com/2025/01/product-review-how-reco-discovers.html www.secnews.physaphae.fr/article.php?IdArticle=8635275 False Tool,Cloud ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)-a 75% increase from last year-and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout]]> 2025-01-06T17:00:00+00:00 https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html www.secnews.physaphae.fr/article.php?IdArticle=8634094 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS]]> 2025-01-02T16:23:00+00:00 https://thehackernews.com/2025/01/cross-domain-attacks-growing-threat-to.html www.secnews.physaphae.fr/article.php?IdArticle=8632692 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg]]> 2024-12-27T16:40:00+00:00 https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8630564 False Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if]]> 2024-12-25T19:15:00+00:00 https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8629884 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,]]> 2024-12-19T15:30:00+00:00 https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html www.secnews.physaphae.fr/article.php?IdArticle=8627439 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims\' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,]]> 2024-12-18T19:40:00+00:00 https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html www.secnews.physaphae.fr/article.php?IdArticle=8627116 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.]]> 2024-12-18T14:45:00+00:00 https://thehackernews.com/2024/12/beyondtrust-issues-urgent-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8627069 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it\'s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity.  In this article, we\'ll break down this topic]]> 2024-12-12T17:00:00+00:00 https://thehackernews.com/2024/12/saas-budget-planning-guide-for-it.html www.secnews.physaphae.fr/article.php?IdArticle=8624017 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote]]> 2024-12-11T08:29:00+00:00 https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html www.secnews.physaphae.fr/article.php?IdArticle=8623183 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud\'s flexibility, scalability, and efficiency come with significant risk - an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and]]> 2024-12-04T17:20:00+00:00 https://thehackernews.com/2024/12/7-pam-best-practices-to-secure-hybrid.html www.secnews.physaphae.fr/article.php?IdArticle=8619431 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An]]> 2024-11-29T15:04:00+00:00 https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html www.secnews.physaphae.fr/article.php?IdArticle=8618237 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp\'s Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data. "Since these are hardened languages with limited capabilities, they\'re supposed to be more secure than]]> 2024-11-25T16:54:00+00:00 https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html www.secnews.physaphae.fr/article.php?IdArticle=8617552 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that\'s both scalable and adaptable. As companies shift from traditional,]]> 2024-11-22T17:00:00+00:00 https://thehackernews.com/2024/11/the-importance-of having-a-google-workspace-backup-solution.html www.secnews.physaphae.fr/article.php?IdArticle=8615987 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed two security flaws in Google\'s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks]]> 2024-11-15T18:05:00+00:00 https://thehackernews.com/2024/11/researchers-warn-of-privilege.html www.secnews.physaphae.fr/article.php?IdArticle=8611732 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that]]> 2024-11-13T16:30:00+00:00 https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html www.secnews.physaphae.fr/article.php?IdArticle=8610355 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and]]> 2024-11-13T14:58:00+00:00 https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html www.secnews.physaphae.fr/article.php?IdArticle=8610328 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a]]> 2024-11-08T19:32:00+00:00 https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html www.secnews.physaphae.fr/article.php?IdArticle=8608143 False Malware,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services - including Teams, SharePoint, Quick Assist, and OneDrive - the attacker exploited the trusted infrastructures of previously compromised organizations to]]> 2024-11-06T23:22:00+00:00 https://thehackernews.com/2024/11/veildrive-attack-exploits-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8607121 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google\'s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at]]> 2024-11-06T11:07:00+00:00 https://thehackernews.com/2024/11/google-cloud-to-enforce-multi-factor.html www.secnews.physaphae.fr/article.php?IdArticle=8606819 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the]]> 2024-11-05T10:38:00+00:00 https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html www.secnews.physaphae.fr/article.php?IdArticle=8606285 False Data Breach,Legislation,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,]]> 2024-11-01T15:57:00+00:00 https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html www.secnews.physaphae.fr/article.php?IdArticle=8604607 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major]]> 2024-11-01T15:50:00+00:00 https://thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html www.secnews.physaphae.fr/article.php?IdArticle=8604608 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It\'s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT]]> 2024-11-01T09:57:00+00:00 https://thehackernews.com/2024/11/stop-lucr-3-attacks-learn-key-identity.html www.secnews.physaphae.fr/article.php?IdArticle=8604475 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through]]> 2024-10-28T22:56:00+00:00 https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html www.secnews.physaphae.fr/article.php?IdArticle=8602918 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure]]> 2024-10-26T14:36:00+00:00 https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html www.secnews.physaphae.fr/article.php?IdArticle=8601997 False Malware,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is]]> 2024-10-25T17:55:00+00:00 https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html www.secnews.physaphae.fr/article.php?IdArticle=8601707 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua said in a report shared]]> 2024-10-24T18:30:00+00:00 https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8601553 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it\'s no wonder-the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot,]]> 2024-10-23T15:04:00+00:00 https://thehackernews.com/2024/10/think-youre-secure-49-of-enterprises.html www.secnews.physaphae.fr/article.php?IdArticle=8601392 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong]]> 2024-10-21T12:29:00+00:00 https://thehackernews.com/2024/10/researchers-discover-severe-security.html www.secnews.physaphae.fr/article.php?IdArticle=8600858 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That\'s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the]]> 2024-10-14T17:05:00+00:00 https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8597590 False Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices-securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning]]> 2024-10-14T16:39:00+00:00 https://thehackernews.com/2024/10/5-steps-to-boost-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8597591 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Social media accounts help shape a brand\'s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access - a situation no organization wants as]]> 2024-10-09T16:30:00+00:00 https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html www.secnews.physaphae.fr/article.php?IdArticle=8594792 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated]]> 2024-10-08T22:08:00+00:00 https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8594380 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent]]> 2024-09-27T16:41:00+00:00 https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html www.secnews.physaphae.fr/article.php?IdArticle=8586457 False Ransomware,Threat,Legislation,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming]]> 2024-09-26T11:48:00+00:00 https://thehackernews.com/2024/09/cloudflare-warns-of-india-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8585401 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If]]> 2024-09-24T16:30:00+00:00 https://thehackernews.com/2024/09/the-sspm-justification-kit.html www.secnews.physaphae.fr/article.php?IdArticle=8583775 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hold on tight, folks, because last week\'s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let\'s dive into the details and see what lessons we can glean]]> 2024-09-23T16:50:00+00:00 https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top.html www.secnews.physaphae.fr/article.php?IdArticle=8582899 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch]]> 2024-09-20T09:48:00+00:00 https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html www.secnews.physaphae.fr/article.php?IdArticle=8580173 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency]]> 2024-09-16T18:37:00+00:00 https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html www.secnews.physaphae.fr/article.php?IdArticle=8577750 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows]]> 2024-09-14T09:42:00+00:00 https://thehackernews.com/2024/09/ivanti-warns-of-active-exploitation-of.html www.secnews.physaphae.fr/article.php?IdArticle=8576367 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher]]> 2024-09-13T11:09:00+00:00 https://thehackernews.com/2024/09/new-linux-malware-campaign-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8575756 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own]]> 2024-09-10T16:51:00+00:00 https://thehackernews.com/2024/09/shining-light-on-shadow-apps-invisible.html www.secnews.physaphae.fr/article.php?IdArticle=8573852 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Designed to be more than a one-time assessment- Wing Security\'s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture-and it\'s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can\'t afford to overlook the constantly]]> 2024-09-09T16:00:00+00:00 https://thehackernews.com/2024/09/wing-security-saas-pulse-continuous.html www.secnews.physaphae.fr/article.php?IdArticle=8573182 False Medical,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them" argues that the]]> 2024-09-04T16:24:00+00:00 https://thehackernews.com/2024/09/the-new-effective-way-to-prevent.html www.secnews.physaphae.fr/article.php?IdArticle=8569638 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves," Netskope Threat]]> 2024-08-28T12:19:00+00:00 https://thehackernews.com/2024/08/new-qr-code-phishing-campaign-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8565206 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) It\'s no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the identities with which we log into these services. Unfortunately – as is so often the case – our]]> 2024-08-21T16:41:00+00:00 https://thehackernews.com/2024/08/its-time-to-untangle-saas-ball-of-yarn.html www.secnews.physaphae.fr/article.php?IdArticle=8561383 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive]]> 2024-08-21T01:43:00+00:00 https://thehackernews.com/2024/08/detecting-aws-account-compromise-key.html www.secnews.physaphae.fr/article.php?IdArticle=8561000 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.]]> 2024-08-19T15:32:00+00:00 https://thehackernews.com/2024/08/xeon-sender-tool-exploits-cloud-apis.html www.secnews.physaphae.fr/article.php?IdArticle=8560228 False Spam,Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence]]> 2024-08-16T22:00:00+00:00 https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html www.secnews.physaphae.fr/article.php?IdArticle=8558809 False Threat,Cloud,Technical None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your]]> 2024-08-16T16:57:00+00:00 https://thehackernews.com/2024/08/the-hidden-security-gaps-in-your-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8558675 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help]]> 2024-08-15T16:30:00+00:00 https://thehackernews.com/2024/08/identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8558114 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations\' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,]]> 2024-08-15T12:17:00+00:00 https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8558004 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that\'s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.]]> 2024-08-15T10:42:00+00:00 https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html www.secnews.physaphae.fr/article.php?IdArticle=8557984 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Everyone loves the double-agent plot twist in a spy movie, but it\'s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is detecting those threats before they lead to full]]> 2024-08-06T16:47:00+00:00 https://thehackernews.com/2024/08/suspicious-minds-insider-threats-in.html www.secnews.physaphae.fr/article.php?IdArticle=8552715 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection. "This threat is]]> 2024-08-06T15:06:00+00:00 https://thehackernews.com/2024/08/new-android-spyware-lianspy-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8552657 False Malware,Threat,Mobile,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. Attack chains entail the exploitation]]> 2024-08-03T09:29:00+00:00 https://thehackernews.com/2024/08/hackers-exploit-misconfigured-jupyter.html www.secnews.physaphae.fr/article.php?IdArticle=8550344 False Tool,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users\' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024. "The malware uses a]]> 2024-07-27T11:17:00+00:00 https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html www.secnews.physaphae.fr/article.php?IdArticle=8545220 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform\'s Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and]]> 2024-07-25T13:59:00+00:00 https://thehackernews.com/2024/07/experts-expose-confusedfunction.html www.secnews.physaphae.fr/article.php?IdArticle=8544019 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it\'s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface-and with]]> 2024-07-24T15:31:00+00:00 https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8543343 False Tool,Prediction,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google]]> 2024-07-22T17:56:00+00:00 https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html www.secnews.physaphae.fr/article.php?IdArticle=8542027 False Cloud None 3.0000000000000000