What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Cloud Security

Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign

Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations. Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise (BEC) campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under . . . Read more

REvil Hits US Nuclear Weapons Contractor: Report

“We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)” REvil reportedly wrote. Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA), last month . . . Read more

Microsoft: Big Cryptomining Attacks Hit Kubeflow

Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters. Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The . . . Read more

Then and Now: Securing Privileged Access Within Healthcare Orgs

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape. Healthcare organizations have always been high-value targets for cybercriminals, as their networks store large volumes of personally identifiable information (PII) including Social Security numbers, dates of birth, addresses . . . Read more

Building Multilayered Security for Modern Threats

Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture. Considering recent announcements of major attacks caused by external malicious actors, including a  ransomware attack on a U.S. gasoline pipeline, the need for increased security posture is as important as ever, and multilayered . . . Read more

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling

Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities. Threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems. The Japan-based tech giant temporarily . . . Read more

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues

David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition Is a dangerous proposition: “Mistakes will be made, creating opportunities for our adversaries. It’s no secret that foreign adversaries are making a concerted effort to target U.S. government agencies and companies. As technology advances and foreign superpowers . . . Read more