News in the Cloud category

Proton launches free, privacy-focused Google Docs alternative

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool.
- Bill Toulas
- July 03, 2024
- 06:00 AM
- 0
BBC suffers data breach impacting current, former employees

The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members.
- Bill Toulas
- May 30, 2024
- 10:02 AM
- 0
Microsoft to shut down 50 cloud services for Russian businesses

Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December.
- Bill Toulas
- March 23, 2024
- 10:14 AM
- 2
Hackers abuse Google Cloud Run in massive banking trojan campaign

Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban.
- Bill Toulas
- February 21, 2024
- 04:07 PM
- 0
Ongoing Microsoft Azure account hijacking campaign targets executives

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.
- Bill Toulas
- February 12, 2024
- 02:16 PM
- 0
Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.
- Bill Toulas
- February 04, 2024
- 10:17 AM
- 0
Hacker spins up 1 million virtual servers to illegally mine crypto

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.
- Bill Toulas
- January 13, 2024
- 10:09 AM
- 4
WordPress hosting service Kinsta targeted by Google phishing ads

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
- Mayank Parmar
- December 17, 2023
- 06:46 PM
- 0
Hackers start exploiting critical ownCloud flaw, patch now

Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments.
- Bill Toulas
- November 28, 2023
- 11:14 AM
- 0
Google Drive users angry over losing months of stored data

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
- Bill Toulas
- November 27, 2023
- 09:52 AM
- 11
Critical bug in ownCloud file sharing app exposes admin passwords

Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
- Bill Toulas
- November 24, 2023
- 01:14 PM
- 3
Hackers exploit Looney Tunables Linux bug, steal cloud creds

The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
- Bill Toulas
- November 06, 2023
- 03:26 PM
- 0
QNAP warns of critical command injection flaws in QTS OS, apps

QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
- Bill Toulas
- November 06, 2023
- 07:47 AM
- 0
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials

Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
- Bill Toulas
- October 18, 2023
- 06:00 AM
- 0
Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024

Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024.
- Bill Toulas
- October 05, 2023
- 01:06 PM
- 2
Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
- Bill Toulas
- October 04, 2023
- 10:53 AM
- 0
Hackers exploit MinIO storage system to breach corporate networks

Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
- Bill Toulas
- September 04, 2023
- 12:45 PM
- 0
Hosting firm says it lost all customer data after ransomware attack

Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites.
- Bill Toulas
- August 23, 2023
- 10:40 AM
- 8
US cyber safety board to analyze Microsoft Exchange hack of govt emails

The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies.
- Bill Toulas
- August 11, 2023
- 01:35 PM
- 0
New Microsoft Azure AD CTS feature can be abused for lateral movement

Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants.
- Bill Toulas
- August 03, 2023
- 06:55 PM
- 1