Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has Read More …

Attack Surface Management 2022 Midyear Review – Part 3

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses Read More …

Server-side attacks, C&C in public cloud services

This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. Kaspersky researchers hope that learning about the attacks that Read More …

Attack Surface Management 2022 Midyear Review – Part 2

The cybersecurity landscape changed significantly in the first half of 2022. In our midyear roundup, Trend Micro researchers examine these changes and their effects on business operations as well as what you need to know about staying protected from online Read More …

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers

A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, Read More …

AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

ollowing Log4Shell, AWS released several hot patch solutions that monitor for vulnerable Java applications and Java containers and patch them on the fly. Each solution suits a different environment, covering standalone servers, Kubernetes clusters, Elastic Container Service (ECS) clusters and Read More …

Amazon cloud outage hits major websites, streaming apps

A major outage disrupted Amazon’s cloud services on Tuesday, temporarily knocking out streaming platforms Netflix and Disney+, Robinhood, a wide range of apps and Amazon.com Inc’s e-commerce website as consumers shopped ahead of Christmas. “Many services have already recovered, however Read More …