In this blog entry, Trend Micro researchers look at overly permissive cloud service credentials in Microsoft’s public-facing assets and assess their potential implications on software supply chain and software integrity.
We do this by exploring two scenarios involving PC Manager, a tool designed to help optimize and manage Windows computers. PC Manager includes features for cleaning up temporary files, managing startup programs, monitoring system health, and improving overall performance, and aims to provide users with a straightforward method for maintaining their machine’s efficiency and security. The two scenarios the researchers explore include one related to the official PC Manager website, and another to the WinGet package manager.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Navigating the Cloud: Exploring Lateral Movement Techniques
February 28, 2024
In this post, Unit 42 researchers reseat examine lateral movement techniques, showcasing some that they have observed in the wild within cloud environments. Lateral movement can be achieved by leveraging both cloud APIs and access to compute instances, with access at the cloud level potentially extending to the latter. We explore cloud lateral movement techniques in ...
- Cyber Security & Cloud Congress North America Unveils Esteemed Speaker Lineup
February 26, 2024
The Cyber Security & Cloud Congress North America has revealed the newest additions to its speakers’ line up for its forthcoming conference, slated to be held at the Santa Clara Convention Center on June 5-6, 2024. Among the notable speakers set to take the stage are: Alissa “Dr Jay” Abdullah, Deputy Chief Security Officer – Mastercard Benjamin Benhan, ...
- BMW security lapse exposed sensitive company information, researcher finds
February 14, 2024
A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Read more… Source: TechCrunch
- US military notifies 20,000 of data breach after cloud email leak
February 14, 2024
The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were inadvertently ...
- Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
February 12, 2024
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it. Proofpoint researchers detected ...
- Cyber Security & Cloud Congress 2024: Uniting 7,000 Experts at the Global Hub of Innovation and Insight
January 22, 2024
Santa Clara, CA — 17.01.2024 Cyber Security & Cloud Congress 2024, is an esteemed assembly of more than 7,000 professionals in the Cyber Security & Cloud field. The event is scheduled to occur on June 5-6, 2024, at the Santa Clara Convention Center. Envisioned as one of the most extensive conferences and exhibitions of its category ...