https://www.scmagazine.com/topic/cloud-security
SCM feed for Cloud Security
2024-03-29T04:23:48+00:00
https://files.scmagazine.com/logo/scm-horizontal-white-with-resource.png
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved
tag:www.scmagazine.com:post,709550
Apple ID ‘push bombing’ scam campaign hits cyber startup founders
2024-03-27T16:11:56-04:00
Laura French
https://www.scmagazine.com/contributor/laura-french
<p>Attackers trigger hundreds of password reset prompts in an attempt to take over iCloud accounts. </p>
2024-03-27T16:08:30-04:00
(Credit: CDPiC - stock.adobe.com)
tag:www.scmagazine.com:post,699165
Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167
2024-03-28T15:36:10-04:00
Todd Fitzgerald
https://www.scmagazine.com/contributor/todd-fitzgerald
2024-03-26T10:00:00-04:00
tag:www.scmagazine.com:post,708986
Call for 2024 SC Awards nominations
2024-03-28T10:01:32-04:00
Tom Spring
https://www.scmagazine.com/contributor/tom-spring
<p>Starting now we officially welcome your to nominate your top products, solutions and standout individuals.</p>
2024-03-26T08:23:36-04:00
tag:www.scmagazine.com:post,709101
Three flaws added to CISA's known exploited vulnerabilities catalog
2024-03-26T07:50:30-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>All of the vulnerabilities should be remediated by federal agencies by Apr. 15, according to CISA.</p>
2024-03-26T07:50:25-04:00
tag:www.scmagazine.com:post,709069
Raspberry Pi exploited by novel GEOBOX tool
2024-03-26T07:37:44-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Stealthier attacks have been facilitated by threat actors through the utilization of several strategically positioned internet-connected GEOBOX devices.</p>
2024-03-26T07:37:39-04:00
tag:www.scmagazine.com:post,709068
Top.gg, others targeted by software supply chain attack
2024-03-26T07:30:31-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPi package publication.</p>
2024-03-26T07:30:25-04:00
tag:www.scmagazine.com:post,708486
Thousands of WordPress sites impacted by Sign1 malware campaign
2024-03-22T07:01:54-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Threat actors behind the campaign have deployed brute-force attacks to infiltrate WordPress sites before exploiting HTML widgets and the Simple Custom CSS and JSS plugin to facilitate Sign1 malware injection.</p>
2024-03-22T07:01:49-04:00
tag:www.scmagazine.com:post,708482
F5, ScreenConnect vulnerabilities leveraged in global Chinese cyberattacks
2024-03-22T06:54:35-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>UNC5174, which is believed to be an ex-member of Chinese hacktivist groups Genesis Day and Dawn Calvary, leveraged a flaw, to compromise U.S. defense contractors, UK government organizations, and Asian entities.</p>
2024-03-22T06:54:30-04:00
tag:www.scmagazine.com:post,708252
AWS fixes 1-click Apache Airflow session hijack flaw
2024-03-21T11:42:50-04:00
Laura French
https://www.scmagazine.com/contributor/laura-french
<p>Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS. </p>
2024-03-21T10:09:03-04:00
tag:www.scmagazine.com:post,708224
Automated code vulnerability remediation enabled by new GitHub AI tool
2024-03-21T07:57:27-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Simultaneously leveraging the developer platform's Copilot and CodeQL tools, GitHub's code-scanning autofix feature, which is still in beta, has been touted to address over two-thirds of discovered code bugs.</p>
2024-03-21T07:57:21-04:00
tag:www.scmagazine.com:post,708215
More robust data security aimed by Lookout, Fortra collaboration
2024-03-21T06:58:35-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Aside from providing zero-trust network access, the new solution also features cloud access security broker and secure web gateway capabilities, according to Fortra.</p>
2024-03-21T06:58:30-04:00
tag:www.scmagazine.com:post,708211
Fixes issued for several Atlassian flaws
2024-03-21T06:56:09-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 24 security issues impacting various Atlassian products have been resolved as part of a new round of patches.</p>
2024-03-21T06:56:05-04:00
tag:www.scmagazine.com:post,708192
Immediate patching of critical Ivanti vulnerabilities urged
2024-03-21T06:55:27-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Ivanti has urged organizations to immediately remediate critical vulnerabilities impacting its Standalone Sentry appliance and Neurons for ITSM IT service management solution with available patches.</p>
2024-03-21T06:55:22-04:00
tag:www.scmagazine.com:post,707913
Funding round secures $60M for BigID to exceed $1B valuation
2024-03-20T07:23:58-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such newly secured funds will be allocated toward cybersecurity- and regulatory compliance-focused growth initiatives.</p>
2024-03-20T07:23:53-04:00
tag:www.scmagazine.com:post,707880
Microsoft reportedly ending cloud service access in Russia
2024-03-20T07:20:22-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such termination of Microsoft service access was disclosed by Russian tech firm and major Microsoft distributor Softline.</p>
2024-03-20T07:20:18-04:00
tag:www.scmagazine.com:post,707881
Vulnerability reports to DoD reach 50K
2024-03-20T07:18:58-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such figures indicate 5,000 total reported vulnerabilities in 2023, representing a decline from the 7,349 vulnerability reports processed in 2022.</p>
2024-03-20T07:18:53-04:00
tag:www.scmagazine.com:post,707886
NetSupport RAT distributed in novel phishing campaign
2024-03-20T07:10:04-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Intrusions commence with the delivery of salary-themed phishing emails with a Microsoft Word attachment.</p>
2024-03-20T07:09:59-04:00
tag:www.scmagazine.com:post,707706
Google Firebase may have exposed 125M records from misconfigurations
2024-03-19T14:41:02-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Researchers say they reported their findings to Chattr.ai on Jan. 10, then followed up with a full scan of the internet.</p>
2024-03-19T14:39:22-04:00
Misconfigured Google Firebase websites could have leaked nearly 125 million user records. (Adobe Stock)
tag:www.scmagazine.com:post,707625
International data breaches conducted by Chinese APT
2024-03-19T08:07:14-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Nearly 120 organizations across 45 countries have been subjected to attacks by Chinese advanced persistent threat operation Earth Krahang.</p>
2024-03-19T08:07:00-04:00
tag:www.scmagazine.com:post,707620
Mintlify breach leaks customer GitHub tokens
2024-03-19T07:30:16-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such a security issue within Mintlify's systems facilitated the exposure of its internal admin credentials, which could be leveraged to enable internal endpoint compromise and further data exposure. </p>
2024-03-19T07:30:11-04:00
tag:www.scmagazine.com:post,707471
Shift Left? Let’s meet in the middle
2024-03-18T15:50:09-04:00
Shira Shamban
https://www.scmagazine.com/contributor/shira-shamban
<p>Here’s how we can balance security and development in the cloud.</p>
2024-03-19T06:00:00-04:00