In this blog entry, Trend Micro researchers look at overly permissive cloud service credentials in Microsoft’s public-facing assets and assess their potential implications on software supply chain and software integrity.
We do this by exploring two scenarios involving PC Manager, a tool designed to help optimize and manage Windows computers. PC Manager includes features for cleaning up temporary files, managing startup programs, monitoring system health, and improving overall performance, and aims to provide users with a straightforward method for maintaining their machine’s efficiency and security. The two scenarios the researchers explore include one related to the official PC Manager website, and another to the WinGet package manager.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hundreds of Snowflake customer passwords found online are linked to info-stealing malware
June 5, 2024
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts ...
- Ukrainian intelligence’ hackers attack Russian government agencies and large companies
June 5, 2024
Hackers from the Main Intelligence Directorate (DIU) of Ukraine’s Ministry of Defense have attacked the electronic services of several Russian ministries and banking institutions, according to RBC-Ukraine source in the special services. According to Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media) , the disruption is allegedly linked to an accident in ...
- Ticketmaster confirms customer data breach
June 1, 2024
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation. ...
- 5 Reasons to Attend Cyber Security & Cloud Congress North America 2024
May 24, 2024
Explore the forefront of enterprise technology at the Cyber Security & Cloud Congress North America. Delve into the entirety of the Cyber Security & Cloud Ecosystem and unravel the practical and triumphant application of Cyber Security & Cloud. Returning to North America on June 5-6, 2024, at the esteemed Santa Clara Convention Center, the globally renowned ...
- Microsoft employees exposed internal passwords in security lapse
April 9, 2024
Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating ...
- Businesses leaving their Kubernetes containers exposed to ransomware
March 14, 2024
As businesses look for faster and more flexible development frameworks, the use of containers and Kubernetes (K8s) continues to rise. While Kubernetes theoretically has several security advantages compared to traditional applications, it remains one of the top concerns for organizations on their cloud-native journey. This concern is fairly valid it seems. A recent report found that ...