More UK councils caught by Capita’s open AWS bucket blunder

The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega Read More …

The Cyber Security & Cloud Congress North America (17-18th May) has announced exciting new additions to its line-up of speakers and panellists for the upcoming two-day event in Santa Clara.

The event will take place on May 17th and 18th, 2023, and will feature a diverse range of tech industry experts, including CIOs, CTOs, Cyber Security, Cloud Architects, and other key players in the field. Attendees will have a great Read More …

Linux kernel logic allowed Spectre attack on ‘major cloud provider’

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it. On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google’s product security response team, disclosed a Spectre-related flaw in version 6.2 of the Read More …

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network Read More …

SCARLETEEL hackers use advanced cloud skills to steal source code, data

An advanced hacking operation dubbed ‘SCARLETEEL’ targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. SCARLETEEL was discovered by cybersecurity intelligence firm Sysdig while responding to an incident in one of their customers’ cloud Read More …

Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. While these tactics aren’t novel, Microsoft’s Defender for Cloud team reports they have seen an uptick lately, indicating that Read More …

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and Read More …

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has Read More …

Attack Surface Management 2022 Midyear Review – Part 3

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses Read More …