Code Injection in Spring Cloud: CVE-2024-37084

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user Read More …

Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry

In a recent audit of open-source web applications, threat researchers from Unit 42 have identified a broken object-level authorization (BOLA) vulnerability that impacts Harbor versions prior to 2.9.5. Harbor is a widely used cloud-native container registry that plays a role Read More …

Microsoft Announces Suspension of Cloud Services in Russia Amid EU Sanctions

Microsoft has announced that it will suspend access to its cloud services for companies based in Russia, effective March 20. This move comes as a direct response to the European Union’s 12th package of sanctions against Russia, specifically EU regulation Read More …

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack Read More …

CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys

Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign Read More …

Microsoft to help Australia’s cyber spies amid $5bn investment in cloud computing

Microsoft says it will invest an additional $5bn in Australia over the next two years to expand hyperscale cloud computing capacity while collaborating with the Australian Signals Directorate (ASD) to boost domestic protection from cyber threats. Anthony Albanese confirmed the Read More …

How BPF-Enabled Malware Works

Berkeley Packet Filtering (BPF) is a kind of technology that allows programs to effectively execute code in the kernels of modern operating systems, such as Linux and Berkeley Software Distribution (BSD) variants. Soon, Windows will also add support for BPF. Read More …

Kaspersky reveals three-year long suspected supply chain attack targeting Linux

UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Kaspersky unveiled a malicious campaign in which an installer of the Free Download Manager software was employed to disseminate a Linux backdoor for a minimum of three Read More …

Storm-0558: Understanding How Microsoft Failed to Protect Itself

You’re undoubtedly familiar with the so-called Storm-0558 attacks from July 2023. If not a quick recap: these attacks (widely attributed as the work of the Chinese government) compromised a number of high-value Exchange Online mailboxes, including the US Secretary of Read More …