Monday, October 7, 2024

Cloud

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code.Cloud computing is the shared responsibility of the...

TeamTNT Hackers Attacking VPS Servers Running CentOS

TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies...

CloudSOC – An OpenSource Project for SOC & Security Analysts

Security Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead of potential attacks.Enter CloudSOC, an open-source project designed to...

Hackers Exploited Digital Advertising Tools to Launch Malicious Campaigns

Cybersecurity researchers from Mandiant and Google Cloud have uncovered a sophisticated scheme where hackers exploit digital advertising tools to conduct malicious campaigns.These tools, originally...

Hackers Abusing Google Cloud For Phishing

Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted due to its extensive and powerful resources, which could be...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations in the way different web servers or intermediaries, such as...

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains a single executable disguised as an Excel file using Left-To-Right...

Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory loss flaw.Many big cloud providers use...

New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers

Researchers have identified a new form of cyberattack termed "LLMjacking," which exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs).This sophisticated attack...

Attackers Leverage Sidecar Container Injection Technique To Stay Stealthy

Kubernetes (K8s) is an open-source container orchestration platform designed to automate application container deployment, scaling, and running. Containers are isolated software packages that are lightweight...

Ahoi Attacks – New Attack Breaking VMs With Malicious Interrupts

Ahoy, which is often associated with communicating to ships, has now been playfully adopted in pirate language.We coin 'Ahoi,' an anagram of 'Iago,'...