Cloud Security
Categories
- AI
- Analysis
- China
- Expert Opinions
- Featured
- Gambling
- Latest News
- LockBit
- News
- Aerospace
- Apple
- Arrest
- Automotive
- Big Tech
- Breaking News
- Business Email Compromise
- China
- Chip Technology
- Climate
- Cryptocurrency
- Cyber Budget
- Cyber Espionage
- Cyber M&A
- cybercrime
- Cybergangs
- Cybersecurity Events
- Data Leak
- deepfake
- Energy Sector
- Ethiopia
- European Union
- Finance
- France
- Geopolitics
- Government
- Hacktivism
- Healthcare
- Human Error
- India
- Investment Scam
- Iran
- Israel Conflict
- Malicious Bots
- Malware
- North Korea
- Norton
- One Minute Roundup
- Personal Services
- Phishing
- ransomware
- Retail
- Russia
- SEC
- SMB
- Social Media
- Spyware
- Sri Lanka
- Supply Chain
- Surveillance
- Taiwan
- Telecommunications
- VPN
- Vulnerability
- Wire Fraud
- Workforce Cyber
- One Minute Roundup
- sextortion
- Space
- Spyware
- Threat Intelligence
- Trends
- Uncategorized
High level executives targeted in ongoing attacks
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign. According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.” Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.
Storm gathers over the cloud
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
Cloud security compromised by constant upgrades
There is mounting evidence that companies may have been naive in accepting Big Tech’s optimistic assurances that sensitive data can be stored more securely in the cloud than on the company’s own servers. In its latest Attack Surface Threat report, Silicon Valley-based cybersecurity firm Palo Alto Networks reveals that the cloud has now become “the dominant attack surface”, with four out of five security vulnerabilities observed in organizations across all sectors coming from a cloud environment.