Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 3
41 résultats taggé cloud  ✕
Objet: Secteur du cloud - État de la menace informatique https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-001/
21/02/2025 17:04:05
QRCode
archive.org

Le Cloud computing, devenu incontournable pour les secteurs public et privé, favorise la transformation numérique mais offre également de nouvelles opportunités d’attaques et problématiques de sécurité pour les organisations qui l’utilisent.

L'ANSSI observe une augmentation des attaques contre les environnements cloud. Ces campagnes d'attaques, menées à des fins lucratives, d'espionnage et de déstabilisation, affectent les fournisseurs de services cloud (Cloud Service Provider, CSP), en partie ciblés pour les accès qu’ils peuvent offrir vers leurs clients. Elles ciblent également les environnements de clients de services cloud, dont l'hybridation des systèmes d'information générée par l'usage du cloud, augmente la surface d'attaque.

cert.ssi.gouv.fr FR 2025 cloud rapport attaques
The State of Cloud Ransomware in 2024 https://www.sentinelone.com/blog/the-state-of-cloud-ransomware-in-2024/
14/11/2024 16:23:36
QRCode
archive.org
thumbnail

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.

sentinelone EN 2024 Ransomware report cloud services
Apple Shares Private Cloud Compute Virtual Research Environment, Provides Bounties for Vulnerabilities - MacRumors https://www.macrumors.com/2024/10/24/apple-private-cloud-compute-security-info/
25/10/2024 08:13:02
QRCode
archive.org
thumbnail

Private Cloud Compute is a cloud intelligence system that Apple designed for private artificial intelligence processing, and it's what Apple is...

macrumors EN 2024 Apple Cloud Compute private artificial intelligence Bounty processing
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa
21/10/2024 21:14:10
QRCode
archive.org
thumbnail

A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network. Learn more.

fortinet EN 2024 Ivanti Cloud Services Appliance CSA CVE-2024-8190
Ivanti warns of three more CSA zero-days exploited in attacks https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/
08/10/2024 18:24:32
QRCode
archive.org
thumbnail

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

bleepingcomputer EN 2024 Bypass Ivanti Code Command Actively Remote Services Exploited Injection Execution Security Zero-Day CSA Cloud Appliance CVE-2024-9379 CVE-2024-9380 CVE-2024-9381
A Single Cloud Compromise Can Feed an Army of AI Sex Bots https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/
06/10/2024 23:26:24
QRCode
archive.org

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which…

krebsonsecurity EN 2024 Cloud Compromise credentials Cybercriminals AI-powered chat services
Critical flaw in NVIDIA Container Toolkit allows full host takeover https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/
01/10/2024 11:16:27
QRCode
archive.org
thumbnail

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.

bleepingcomputer EN 2024 AI Artificial-Intelligence Cloud Cloud-Security Container-Escape NVIDIA Vulnerability Security InfoSec Computer-Security
Storm-0501: Ransomware attacks expanding to hybrid cloud environments https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
01/10/2024 11:14:18
QRCode
archive.org
thumbnail

Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations.

microsoft EN 2024 Storm-0501 Embargo hybrid-cloud cloud Ransomware
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains https://cyble.com/blog/widespread-cloud-exposure/
21/08/2024 09:22:52
QRCode
archive.org
thumbnail

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

cyble EN 2024 Cloud Exposure env AWS extortion
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
15/08/2024 16:40:03
QRCode
archive.org
thumbnail

We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.

unit42 EN 2024 Leaked Environment Variables cloud aws extortion
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/
15/08/2024 08:37:48
QRCode
archive.org
thumbnail

Aqua Nautilus researchers discovered a new variant of Gafgyt targeting machines with weak SSH passwords.

aquasec EN 2024 Gafgyt Malware SSH passwords botnet GPU Power cloud
Private Cloud Compute: A new frontier for AI privacy in the cloud https://security.apple.com/blog/private-cloud-compute/
11/06/2024 06:41:58
QRCode
archive.org

Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.

apple EN 2024 WWDC Apple Security Research cloud AI PCC privacy architecture
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite https://techcrunch.com/2024/06/04/microsoft-hit-with-eu-privacy-complaints-over-schools-use-of-365-education-suite/
09/06/2024 16:30:38
QRCode
archive.org
thumbnail

Microsoft's education-focused flavor of its cloud productivity suite, Microsoft 365 Education, is facing investigation in the European Union. Privacy

techcrunch EN 2024 Microsoft privacy schools cloud EU noyb Austri GDPR
Vulnerability in Cisco Webex cloud service exposed government authorities, companies https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
05/06/2024 22:46:17
QRCode
archive.org
thumbnail

A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.

helpnetsecurity EN 2024 Vulnerability Cisco Webex cloud service exposed government
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data https://www.enea.com/insights/exploiting-the-cloud-how-sms-scammers-are-using-amazon-google-and-ibm-cloud-services-to-steal-customer-data/
25/05/2024 22:06:37
QRCode
archive.org
thumbnail

Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information

enea EN 2024 SMS scammers IBM Cloud Services Amazon Google
Microsoft could have prevented Chinese cloud email hack, US cyber report says https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-email-hack-china-us-cyber-report
03/04/2024 22:54:04
QRCode
archive.org
thumbnail

Microsoft needs a security culture overhaul, a US report concludes. The software giant could have prevented a cloud email hack in 2023.

theverge EN 2024 Microsoft cloud email cascade-of-security-failures Storm0558 DHS
Internet Society veut empêcher Microsoft d'héberger les données de santé des Français https://siecledigital.fr/2024/02/16/internet-society-veut-empecher-microsoft-dheberger-les-donnees-de-sante-des-francais/
22/02/2024 09:42:04
QRCode
archive.org
thumbnail

Un ONG dépose un recours auprès du Conseil d'État pour empêcher Microsoft d'héberger les données de santé des Français.

siecledigital FR 2024 souveraineté cloud Microsoft France ONG
Leaky Vessels flaws allow hackers to escape Docker, runc containers https://www.bleepingcomputer.com/news/security/leaky-vessels-flaws-allow-hackers-to-escape-docker-runc-containers/
04/02/2024 16:43:29
QRCode
archive.org
thumbnail

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing.

Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

bleepingcomputer EN 2024 Cloud Container Container-Escape Docker Leaky-Vessels Vulnerability CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653
Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms https://www.sentinelone.com/labs/predator-ai-chatgpt-powered-infostealer-takes-aim-at-cloud-platforms/
08/11/2023 19:02:52
QRCode
archive.org
thumbnail

An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.

sentinelone EN 2023 PredatorAI infostealer Telegram cloud
Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska https://www.washingtonpost.com/technology/2023/08/14/microsoft-china-hack-congress/
20/08/2023 18:17:05
QRCode
archive.org
thumbnail

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.

washingtonpost EN 2023 US Microsoft cloud DonBacon FBI emails hacked outlook China
page 1 / 3
4258 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio