Recherche : [cloud] - Cyberveille

Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms https://www.sentinelone.com/labs/predator-ai-chatgpt-powered-infostealer-takes-aim-at-cloud-platforms/

08/11/2023 19:02:52

An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska https://www.washingtonpost.com/technology/2023/08/14/microsoft-china-hack-congress/

20/08/2023 18:17:05

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.

Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry https://archive.ph/uRC0G

12/08/2023 19:27:13

A US cybersecurity advisory panel will investigate risks in cloud computing, including Microsoft Corp.’s role in a recent breach of government officials’ email accounts by suspected Chinese hackers, according to two people familiar with the matter.
The Cyber Safety Review Board, which was created by the Biden administration to investigate major cybersecurity events, will focus on risks to cloud computing infrastructure broadly, including identity and authentication management, and will examine all relevant cloud service providers, according to a Department of Homeland Security official. The issue was brought into focus by the breach of Microsoft’s email systems, the official said. Both people asked not to be named so they could discuss sensitive information.

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform https://www.tenable.com/security/research/tra-2023-25

04/08/2023 09:35:57

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).

Microsoft…The Truth Is Even Worse Than You Think https://www.linkedin.com/pulse/microsoftthe-truth-even-worse-than-you-think-amit-yoran/

04/08/2023 09:35:37

Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chine

Cryptojacking: Understanding and defending against cloud compute resource abuse https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/

26/07/2023 13:19:50

Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse.

MOVEit Transfer and MOVEit Cloud Vulnerability https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability

11/06/2023 14:26:06

This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates.

CVE-PENDING (June 9, 2023)
CVE-2023-34362 (May 31, 2023)

Vulnerability in GCP CloudSQL Leads to Data Exposure https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure

28/05/2023 23:21:17

The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure

«Cloud souverain»: les cantons latins avancent groupés et font un appel du pied à la Confédération https://www.ictjournal.ch/news/2023-05-12/cloud-souverain-les-cantons-latins-avancent-groupes-et-font-un-appel-du-pied-a-la

12/05/2023 22:03:40

Les directrices et directeurs du numérique des cantons latins ont décidé d’agir de concert en matière de souveraine

Attackers Use Containers for Profit via TrafficStealer https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html

26/04/2023 21:29:42

We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.

Linux kernel logic allowed Spectre attack on major cloud https://www.theregister.com/2023/04/14/linux_kernel_spectre_flaw_fixed/

17/04/2023 07:02:47

Kernel 6.2 ditched a useful defense against ghostly chip design flaw

MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/

10/04/2023 18:46:22

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/

09/03/2023 18:42:29

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.

Rackspace Cloud Office suffers security breach https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f

05/12/2022 08:52:08

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

Lastpass says hackers accessed customer data in new breach https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/

01/12/2022 06:55:38

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés https://www.20min.ch/fr/story/des-milliers-de-pme-privees-de-logiciel-de-compta-954997709130

24/11/2022 10:22:25

Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.

Software Delivery Shield protects the software supply chain https://cloud.google.com/blog/products/devops-sre/introducing-software-delivery-shield-from-google-cloud

14/10/2022 13:43:39

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

Azure Cloud Shell Command Injection Stealing User’s Access Tokens https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens

21/09/2022 23:44:32

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ? https://swissprivacy.law/165/

05/09/2022 09:04:24

Dans une prise de position publiée le 13 juin 2022, le Préposé fédéral à la protection des données et à la transparence a estimé que le recours aux services cloud M365 de Microsoft serait susceptible de violer la Loi fédérale sur la protection des données, quand bien même le projet de la Caisse nationale suisse d'assurance en cas d'accidents (SUVA) envisage que les données soient hébergées en Suisse et que le cocontractant du responsable du traitement soit une entité européenne du Groupe Microsoft.

Stealing Clouds https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/

04/09/2022 12:56:29

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

Liens par page

Filtres