Showing only posts tagged Cloud. Show all posts.

Jan 13 2025 Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. [...]

Jan 13 2025 Ransomware abuses Amazon AWS feature to encrypt S3 buckets

Source

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. [...]

Oct 16 2024 Critical Kubernetes Image Builder flaw gives SSH root access to VMs

Source

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. [...]

Sep 29 2024 Critical flaw in NVIDIA Container Toolkit allows full host takeover

Source

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...]

Sep 17 2024 Ransomware gangs now abuse Microsoft Azure tool for data theft

Source

Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. [...]

Sep 13 2024 New Linux malware Hadooken targets Oracle WebLogic servers

Source

Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. [...]

Jul 03 2024 Proton launches free, privacy-focused Google Docs alternative

Source

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. [...]

May 30 2024 BBC suffers data breach impacting current, former employees

Source

The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. [...]

Feb 21 2024 Hackers abuse Google Cloud Run in massive banking trojan campaign

Source

Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. [...]

Feb 12 2024 Ongoing Microsoft Azure account hijacking campaign targets executives

Source

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. [...]

Feb 04 2024 Leaky Vessels flaws allow hackers to escape Docker, runc containers

Source

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. [...]

Jan 13 2024 Hacker spins up 1 million virtual servers to illegally mine crypto

Source

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. [...]