In this blog entry, Trend Micro researchers look at overly permissive cloud service credentials in Microsoft’s public-facing assets and assess their potential implications on software supply chain and software integrity.
We do this by exploring two scenarios involving PC Manager, a tool designed to help optimize and manage Windows computers. PC Manager includes features for cleaning up temporary files, managing startup programs, monitoring system health, and improving overall performance, and aims to give users a straightforward way to maintain their machine’s efficiency and security. One scenario relates to the official PC Manager website, and the other to the WinGet package manager.
Source: Trend Micro