This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-15T12:08:29+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While cloud adoption has been top of mind for many IT professionals for nearly a decade, it\'s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure]]> 2024-05-15T16:25:00+00:00 https://thehackernews.com/2024/05/its-time-to-master-lift-shift-migrating.html www.secnews.physaphae.fr/article.php?IdArticle=8500129 False Tool,Cloud None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained]]> 2024-05-10T13:11:00+00:00 https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8497059 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user\'s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of]]> 2024-05-08T19:48:00+00:00 https://thehackernews.com/2024/05/a-saas-security-challenge-getting.html www.secnews.physaphae.fr/article.php?IdArticle=8495969 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.]]> 2024-05-08T16:28:00+00:00 https://thehackernews.com/2024/05/the-fundamentals-of-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8495846 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was]]> 2024-05-07T18:55:00+00:00 https://thehackernews.com/2024/05/apt42-hackers-pose-as-journalists-to.html www.secnews.physaphae.fr/article.php?IdArticle=8495241 False Cloud APT 42 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.]]> 2024-05-03T18:05:00+00:00 https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8492991 False Malware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.]]> 2024-05-03T16:12:00+00:00 https://thehackernews.com/2024/05/new-guide-explains-how-to-eliminate.html www.secnews.physaphae.fr/article.php?IdArticle=8492915 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the "]]> 2024-05-02T15:49:00+00:00 https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html www.secnews.physaphae.fr/article.php?IdArticle=8492326 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent]]> 2024-05-02T10:34:00+00:00 https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html www.secnews.physaphae.fr/article.php?IdArticle=8492194 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here\'s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let\'s discuss why]]> 2024-04-19T16:38:00+00:00 https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8485252 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The introduction of Open AI\'s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,]]> 2024-04-17T16:37:00+00:00 https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8484090 False Tool,Cloud ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in]]> 2024-04-16T18:56:00+00:00 https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html www.secnews.physaphae.fr/article.php?IdArticle=8483499 False Tool,Vulnerability,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground]]> 2024-04-16T16:40:00+00:00 https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html www.secnews.physaphae.fr/article.php?IdArticle=8483393 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat]]> 2024-04-15T18:59:00+00:00 https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html www.secnews.physaphae.fr/article.php?IdArticle=8482752 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud]]> 2024-04-05T12:45:00+00:00 https://thehackernews.com/2024/04/researchers-identify-multiple-china.html www.secnews.physaphae.fr/article.php?IdArticle=8476377 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What\'s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto]]> 2024-04-02T16:57:00+00:00 https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8474584 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends but the new norm. Amidst this backdrop, a critical aspect subtly weaves into the]]> 2024-03-28T16:30:00+00:00 https://thehackernews.com/2024/03/behind-scenes-art-of-safeguarding-non.html www.secnews.physaphae.fr/article.php?IdArticle=8471965 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" (]]> 2024-03-27T16:26:00+00:00 https://thehackernews.com/2024/03/sase-solutions-fall-short-without.html www.secnews.physaphae.fr/article.php?IdArticle=8471300 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that\'s used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP]]> 2024-03-21T18:18:00+00:00 https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html www.secnews.physaphae.fr/article.php?IdArticle=8467923 False Malware,Tool,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That\'s why effective vendor risk management (VRM) is a]]> 2024-03-21T17:00:00+00:00 https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html www.secnews.physaphae.fr/article.php?IdArticle=8467864 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings significant challenges, especially in security integration. Despite their powerful capabilities,]]> 2024-03-20T16:57:00+00:00 https://thehackernews.com/2024/03/generative-ai-security-secure-your.html www.secnews.physaphae.fr/article.php?IdArticle=8467286 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Being a CISO is a balancing act: ensuring organizations are secure without compromising users\' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are]]> 2024-03-14T15:54:00+00:00 https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html www.secnews.physaphae.fr/article.php?IdArticle=8463709 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to]]> 2024-03-13T16:03:00+00:00 https://thehackernews.com/2024/03/join-our-webinar-on-protecting-human.html www.secnews.physaphae.fr/article.php?IdArticle=8463115 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can\'t be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands]]> 2024-03-11T20:17:00+00:00 https://thehackernews.com/2024/03/embracing-cloud-revolutionizing.html www.secnews.physaphae.fr/article.php?IdArticle=8462169 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web]]> 2024-03-11T17:03:00+00:00 https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8462119 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.  Not]]> 2024-03-07T16:41:00+00:00 https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8460285 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using]]> 2024-03-05T16:25:00+00:00 https://thehackernews.com/2024/03/what-is-exposure-management-and-how.html www.secnews.physaphae.fr/article.php?IdArticle=8459271 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the]]> 2024-02-27T16:04:00+00:00 https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html www.secnews.physaphae.fr/article.php?IdArticle=8455808 False Threat,Cloud APT 29 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious]]> 2024-02-26T15:21:00+00:00 https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html www.secnews.physaphae.fr/article.php?IdArticle=8455339 False Malware,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can\'t possibly become experts in the nuances of the native]]> 2024-02-21T17:00:00+00:00 https://thehackernews.com/2024/02/6-ways-to-simplify-saas-identity.html www.secnews.physaphae.fr/article.php?IdArticle=8453182 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world\'s most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a]]> 2024-02-20T16:23:00+00:00 https://thehackernews.com/2024/02/saas-compliance-through-nist.html www.secnews.physaphae.fr/article.php?IdArticle=8452677 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023. Their study]]> 2024-02-15T17:00:00+00:00 https://thehackernews.com/2024/02/how-nation-state-actors-target-your.html www.secnews.physaphae.fr/article.php?IdArticle=8450383 False Vulnerability,Studies,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches - safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and]]> 2024-02-13T16:40:00+00:00 https://thehackernews.com/2024/02/midnight-blizzard-and-cloudflare.html www.secnews.physaphae.fr/article.php?IdArticle=8449550 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and]]> 2024-02-09T13:10:00+00:00 https://thehackernews.com/2024/02/wazuh-in-cloud-era-navigating.html www.secnews.physaphae.fr/article.php?IdArticle=8448293 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors. Recently, Adaptive Shield commissioned a Total Economic]]> 2024-02-06T16:23:00+00:00 https://thehackernews.com/2024/02/how-10b-enterprise-customer-drastically.html www.secnews.physaphae.fr/article.php?IdArticle=8447245 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy\'s cybersecurity strategies, represents a major]]> 2024-02-02T16:00:00+00:00 https://thehackernews.com/2024/02/cloudzy-elevates-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8445948 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The SEC isn\'t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the]]> 2024-01-31T16:30:00+00:00 https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html www.secnews.physaphae.fr/article.php?IdArticle=8445135 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s digital world, security risks are more prevalent than ever, especially when it comes to Software as a Service (SaaS) applications. Did you know that an alarming 97% of companies face serious risks from unsecured SaaS applications?Moreover, about 20% of these organizations are struggling with internal data threats. These statistics aren\'t just numbers; they\'re a wake-up call. We\'re]]> 2024-01-29T17:03:00+00:00 https://thehackernews.com/2024/01/493-companies-share-their-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8444393 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise\'s (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"]]> 2024-01-25T11:18:00+00:00 https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html www.secnews.physaphae.fr/article.php?IdArticle=8442828 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In]]> 2024-01-24T19:55:00+00:00 https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html www.secnews.physaphae.fr/article.php?IdArticle=8442574 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world\'s first and only solution to address]]> 2024-01-24T16:54:00+00:00 https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html www.secnews.physaphae.fr/article.php?IdArticle=8442514 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are]]> 2024-01-18T22:01:00+00:00 https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html www.secnews.physaphae.fr/article.php?IdArticle=8440348 False Malware,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI]]> 2024-01-17T19:00:00+00:00 https://thehackernews.com/2024/01/combating-ip-leaks-into-ai-applications.html www.secnews.physaphae.fr/article.php?IdArticle=8439910 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud]]> 2024-01-13T15:31:00+00:00 https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html www.secnews.physaphae.fr/article.php?IdArticle=8438571 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various]]> 2024-01-11T19:30:00+00:00 https://thehackernews.com/2024/01/new-python-based-fbot-hacking-toolkit.html www.secnews.physaphae.fr/article.php?IdArticle=8437897 False Tool,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees]]> 2024-01-09T16:57:00+00:00 https://thehackernews.com/2024/01/why-public-links-expose-your-saas.html www.secnews.physaphae.fr/article.php?IdArticle=8437106 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It\'s currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@]]> 2024-01-04T11:59:00+00:00 https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html www.secnews.physaphae.fr/article.php?IdArticle=8434203 False Hack,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised]]> 2024-01-03T16:16:00+00:00 https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html www.secnews.physaphae.fr/article.php?IdArticle=8433615 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,]]> 2024-01-02T15:31:00+00:00 https://thehackernews.com/2024/01/the-definitive-enterprise-browser.html www.secnews.physaphae.fr/article.php?IdArticle=8432862 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to]]> 2023-12-28T18:50:00+00:00 https://thehackernews.com/2023/12/google-cloud-resolves-privilege.html www.secnews.physaphae.fr/article.php?IdArticle=8430294 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB\'s formal exit from Russia earlier this year. Cloud Atlas, active since at]]> 2023-12-25T13:17:00+00:00 https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8428716 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general]]> 2023-12-18T20:10:00+00:00 https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html www.secnews.physaphae.fr/article.php?IdArticle=8424859 False Prediction,Medical,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is a web service that enables]]> 2023-12-06T19:08:00+00:00 https://thehackernews.com/2023/12/alert-threat-actors-can-leverage-aws.html www.secnews.physaphae.fr/article.php?IdArticle=8419566 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn\'t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how]]> 2023-12-04T17:08:00+00:00 https://thehackernews.com/2023/12/make-fresh-start-for-2024-clean-out.html www.secnews.physaphae.fr/article.php?IdArticle=8418989 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first...  What exactly is]]> 2023-11-30T17:25:00+00:00 https://thehackernews.com/2023/11/this-free-solution-provides-essential.html www.secnews.physaphae.fr/article.php?IdArticle=8418052 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access," Arctic Wolf]]> 2023-11-30T16:46:00+00:00 https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html www.secnews.physaphae.fr/article.php?IdArticle=8418040 False Ransomware,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company said in a statement shared with The Hacker News. "All Okta Workforce Identity Cloud (WIC) and Customer]]> 2023-11-29T11:48:00+00:00 https://thehackernews.com/2023/11/okta-discloses-additional-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8417712 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra\'s DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud.]]> 2023-11-28T18:20:00+00:00 https://thehackernews.com/2023/11/transform-your-data-security-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8417498 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host]]> 2023-11-27T23:27:00+00:00 https://thehackernews.com/2023/11/how-to-handle-retail-saas-security-on.html www.secnews.physaphae.fr/article.php?IdArticle=8417295 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT\'s meteoric rise to 100 million users within 60 days of launch, especially with little]]> 2023-11-22T16:38:00+00:00 https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html www.secnews.physaphae.fr/article.php?IdArticle=8415868 False Tool,Cloud ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Today\'s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that,]]> 2023-11-20T16:32:00+00:00 https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8414825 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In 2023, the cloud isn\'t just a technology-it\'s a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: \'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.\' Join us for an]]> 2023-11-17T16:00:00+00:00 https://thehackernews.com/2023/11/discover-2023s-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8413333 False Cloud Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access]]> 2023-11-16T16:48:00+00:00 https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html www.secnews.physaphae.fr/article.php?IdArticle=8412835 False Ransomware,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with]]> 2023-11-15T09:48:00+00:00 https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8412202 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing]]> 2023-11-13T17:05:00+00:00 https://thehackernews.com/2023/11/top-5-marketing-tech-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8410967 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution]]> 2023-11-09T16:24:00+00:00 https://thehackernews.com/2023/11/when-email-security-meets-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8408438 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization\'s SaaS app stack and data within is paramount. Yet, the path to implementing an effective SaaS security program is not]]> 2023-11-08T14:48:00+00:00 https://thehackernews.com/2023/11/webinar-kickstarting-your-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8407763 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP)," cloud]]> 2023-11-03T18:42:00+00:00 https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html www.secnews.physaphae.fr/article.php?IdArticle=8405322 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees\' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter]]> 2023-11-02T14:54:00+00:00 https://thehackernews.com/2023/11/saas-security-is-now-accessible-and.html www.secnews.physaphae.fr/article.php?IdArticle=8404604 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The browser has become the main work interface in modern enterprises. It\'s where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine. Additionally,]]> 2023-11-01T17:23:00+00:00 https://thehackernews.com/2023/11/hands-on-review-layerxs-enterprise.html www.secnews.physaphae.fr/article.php?IdArticle=8404093 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it\'s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other]]> 2023-10-30T17:39:00+00:00 https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html www.secnews.physaphae.fr/article.php?IdArticle=8402826 False Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are]]> 2023-10-18T17:12:00+00:00 https://thehackernews.com/2023/10/qubitstrike-targets-jupyter-notebooks.html www.secnews.physaphae.fr/article.php?IdArticle=8397239 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said. "The data was used for registration purposes back then. So far, no]]> 2023-10-18T09:11:00+00:00 https://thehackernews.com/2023/10/d-link-confirms-data-breach-employee.html www.secnews.physaphae.fr/article.php?IdArticle=8397062 False Data Breach,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,]]> 2023-10-17T20:07:00+00:00 https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8396752 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS Security\'s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V\'s bar making sure that the only thing that leaks is beer (]]> 2023-10-16T17:16:00+00:00 https://thehackernews.com/2023/10/the-fast-evolution-of-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8396179 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO\'s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device]]> 2023-10-09T16:19:00+00:00 https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html www.secnews.physaphae.fr/article.php?IdArticle=8393138 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year. If the name Wing Security (Wing) rings a bell, it is probably because earlier this year,]]> 2023-10-04T17:24:00+00:00 https://thehackernews.com/2023/10/wing-disrupts-market-by-introducing.html www.secnews.physaphae.fr/article.php?IdArticle=8391408 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target\'s environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report. "This allowed the]]> 2023-10-04T15:48:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-cyber-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8391371 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality,]]> 2023-10-02T16:51:00+00:00 https://thehackernews.com/2023/10/lucr-3-scattered-spider-getting-saas-y.html www.secnews.physaphae.fr/article.php?IdArticle=8390455 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS]]> 2023-09-18T18:00:00+00:00 https://thehackernews.com/2023/09/new-ambersquid-cryptojacking-operation.html www.secnews.physaphae.fr/article.php?IdArticle=8384864 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs to]]> 2023-09-18T12:30:00+00:00 https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html www.secnews.physaphae.fr/article.php?IdArticle=8384764 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Employee offboarding is no one\'s favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That\'s easier said than done, especially considering that IT organizations have less visibility and control over employees\' IT use than ever. Today, employees can easily adopt new cloud and SaaS applications whenever and wherever they want, and the old IT]]> 2023-09-14T17:06:00+00:00 https://thehackernews.com/2023/09/avoid-these-5-it-offboarding-pitfalls.html www.secnews.physaphae.fr/article.php?IdArticle=8382651 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust]]> 2023-09-13T17:16:00+00:00 https://thehackernews.com/2023/09/webinar-identity-threat-detection.html www.secnews.physaphae.fr/article.php?IdArticle=8382301 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves]]> 2023-09-12T16:12:00+00:00 https://thehackernews.com/2023/09/7-steps-to-kickstart-your-saas-security.html www.secnews.physaphae.fr/article.php?IdArticle=8381753 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security\'s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for an upcoming (spoiler: now launched) campaign]]> 2023-08-23T17:14:00+00:00 https://thehackernews.com/2023/08/agile-approach-to-mass-cloud-credential.html www.secnews.physaphae.fr/article.php?IdArticle=8373614 False Malware,Cloud None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at]]> 2023-08-22T16:50:00+00:00 https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8373073 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide]]> 2023-08-16T16:42:00+00:00 https://thehackernews.com/2023/08/guide-how-google-workspace-based.html www.secnews.physaphae.fr/article.php?IdArticle=8370675 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors\' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and]]> 2023-08-15T23:44:00+00:00 https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html www.secnews.physaphae.fr/article.php?IdArticle=8370359 False Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Why SaaS Security Is a Challenge In today\'s digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a]]> 2023-08-14T16:43:00+00:00 https://thehackernews.com/2023/08/identity-threat-detection-and-response.html www.secnews.physaphae.fr/article.php?IdArticle=8369891 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been]]> 2023-08-10T16:44:00+00:00 https://thehackernews.com/2023/08/emerging-attacker-exploit-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8368339 False Cloud Solardwinds 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it\'s been duplicated or moved to. So, what is DSPM? Here\'s a quick example: Let\'s say you\'ve built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it\'s protected behind a]]> 2023-08-01T15:45:00+00:00 https://thehackernews.com/2023/08/what-is-data-security-posture.html www.secnews.physaphae.fr/article.php?IdArticle=8364235 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. "The impacted Ubuntu versions are prevalent in the cloud as they serve as the default]]> 2023-07-27T18:55:00+00:00 https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8362245 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development.  Placing security at the very end of the]]> 2023-07-27T16:55:00+00:00 https://thehackernews.com/2023/07/the-4-keys-to-building-cloud-security.html www.secnews.physaphae.fr/article.php?IdArticle=8362202 False Tool,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven\'t changed in 2023. The U.S. Government\'s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were]]> 2023-07-24T17:40:00+00:00 https://thehackernews.com/2023/07/how-to-protect-patients-and-their.html www.secnews.physaphae.fr/article.php?IdArticle=8360782 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The recent attack against Microsoft\'s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and]]> 2023-07-21T20:44:00+00:00 https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html www.secnews.physaphae.fr/article.php?IdArticle=8359761 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. "This]]> 2023-07-20T11:42:00+00:00 https://thehackernews.com/2023/07/new-p2pinfect-worm-targeting-redis.html www.secnews.physaphae.fr/article.php?IdArticle=8359134 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Wednesday announced that it\'s expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure. The tech giant said it\'s making the change in direct response to increasing frequency and evolution of nation-state cyber]]> 2023-07-20T10:36:00+00:00 https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html www.secnews.physaphae.fr/article.php?IdArticle=8359121 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what\'s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker\'s perspective has never been more important. Let\'s look at why it\'s growing]]> 2023-07-19T17:28:00+00:00 https://thehackernews.com/2023/07/how-to-manage-your-attack-surface.html www.secnews.physaphae.fr/article.php?IdArticle=8358788 False Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling]]> 2023-07-19T15:04:00+00:00 https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html www.secnews.physaphae.fr/article.php?IdArticle=8358731 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As security practices continue to evolve, one primary concern persists in the minds of security professionals-the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data. To effectively address insider risks, organizations must]]> 2023-07-14T16:38:00+00:00 https://thehackernews.com/2023/07/defend-against-insider-threats-join.html www.secnews.physaphae.fr/article.php?IdArticle=8356506 False Cloud None 2.0000000000000000