All posts in Cloud Security

Azure Functions Weakness Allows Privilege Escalation

Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said. A privilege-escalation vulnerability in Microsoft’s Azure Functions cloud container feature could allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. . . . Read more

Attackers Blowing Up Discord, Slack with Malware  

One Discord network search turned up 20,000 virus results, researchers found. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. The pandemic-induced shift to remote work . . . Read more

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities. Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. The bugs, tracked as CVE-2020-25099 and CVE-2021-36195, impact QNAP’s model TS-231 network attached . . . Read more

Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk

New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities. Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple effect . . . Read more

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet. Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. An independent security researcher who goes by the handle “Boogeyman” uncovered the issue and reported it to Motherboard . . . Read more

Security Analysis Clears TikTok of Censorship, Privacy Accusations  

TikTok’s source code is in line with industry standards, security researchers say. Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards . . . Read more

Cyberattacks See Fundamental Changes, A Year into COVID-19

A year after COVID-19 was officially determined to be a pandemic, the methods and tactics used by cybercriminals have drastically changed. COVID-19-related phishing emails, brute-force attacks on remote workers, and a focus on exploiting or abusing collaboration platforms are the hallmarks of cybercriminal enterprise as the coronavirus marks its first . . . Read more