February 20, 2024
Via: The RegisterSmart home security camera slinger Wyze is telling customers that a cybersecurity “incident” allowed thousands of users to see other people’s camera feeds. Thanks to a helpful Reg reader who sent a customer email over to us, we know that […]
Threats & Malware, Virus & Malware
February 16, 2024
Via: TechRadarSmart home brand Wyze Labs recently suffered through a massive service outage with users flooding the internet with reports stating their security cameras no longer work. The issues people are experiencing vary case by case. There are posts on the […]
Threats & Malware, Virus & Malware
January 17, 2024
Via: The RegisterCrooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). In a joint warning issued on Tuesday, the US government agencies said the […]
November 27, 2023
Via: Help Net SecurityAWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda function and proof of concept client. You can either adopt this client or […]
November 27, 2023
Via: Help Net SecurityTrellix announced its generative artificial intelligence (GenAI) capabilities, built on Amazon Bedrock and supported by Trellix Advanced Research Center. Amazon Bedrock is a fully managed service from AWS making foundation models (FMs) from leading AI companies accessible via an API […]
October 30, 2023
Via: The RegisterSecurity researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials. Given the name “EleKtra-Leak” by researchers at Palo Alto Networks’s Unit 42, the criminals behind the campaign are credited with […]
Threats & Malware, Virus & Malware
October 12, 2023
Via: SecureWorldIn recent months, the cybersecurity world has been shaken by the revelation of a sophisticated and unprecedented cyber threat: the HTTP/2 Rapid Reset Zero-Day vulnerability. This exploit, tracked as CVE-2023-44487, enabled cybercriminals to orchestrate what has been dubbed the largest […]
October 5, 2023
Via: Help Net SecurityArcserve announced it is partnering with Wasabi Technologies to introduce an integrated total unified data solution package. Exclusively available through Climb Distribution, this offering combines Arcserve’s Unified Data Protection UDP 9.0 and above with Wasabi’s immutable cloud storage, ensuring a […]
September 29, 2023
Via: Security AffairsOn June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system. The misconfiguration exposed the repository’s contents. According to our team, […]
Threats & Malware, Virus & Malware
September 19, 2023
Via: TechRadarCybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]
Threats & Malware, Virus & Malware
September 18, 2023
Via: The RegisterAs cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think. Researchers from […]
Threats & Malware, Vulnerabilities
August 23, 2023
Via: The Hacker NewsDevelopers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]
August 2, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments “The SSM agent, a legitimate […]
July 24, 2023
Via: The Hacker NewsGoogle has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification. “Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users […]
July 11, 2023
Via: The Hacker NewsCloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. “Cloud environments are still their primary target, but the […]
Threats & Malware, Virus & Malware
May 24, 2023
Via: The Hacker NewsAn updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. “This recent update demonstrates a widening of scope, with new capabilities such […]
November 16, 2022
Via: The Hacker NewsHundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. “Leaking PII in this manner provides a potential treasure trove for threat actors – […]
October 26, 2021
Via: Security WeekThe secret contract was signed this year and experts estimate its value at £500 million ($690 million) to £1 billion, the newspaper said, citing people familiar with the discussions. It was said to be spearheaded by Britain’s cybersecurity agency GCHQ, […]
June 14, 2021
Via: CSO OnlineSecurity in the public cloud is based on the concept of shared responsibility: The largest cloud service providers deliver a secure, hyperscale environment, but it’s up to the customer to protect everything it puts into the cloud. This separation of […]
April 13, 2021
Via: Hot for SecurityLast Thursday, a Wichita Falls resident was arrested for allegedly attempting to bomb an AWS data center in Virginia. According to the US Department of Justice (DOJ), 28-year Seth Aaron Pendley was detained after a concerned citizen alerted authorities to […]