Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

1 jaar geleden

Html
Tekst

The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system.

Follow Dark Reading:

March 01, 2023

LATEST SECURITY NEWS & COMMENTARY

Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed. LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP Separate attacks on two subsidiaries of an Asian conglomerate reflect a surge of cyber-espionage activity in the region in the last 12 months. US Marshals Ransomware Hit Is 'Major' Incident Unknown attackers made off with a raft of PII, the Justice Department says — but witnesses in the protection program are still safe. WannaCry Hero & Kronos Malware Author Named Cybrary Fellow Marcus Hutchins, who set up a "kill switch" that stopped WannaCry's spread, later pled guilty to creating the infamous Kronos banking malware. The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win The war on critical infrastructure demands a better security strategy. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Attackers Were on Network for 2 Years, News Corp Says The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China. As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy. MORE

EDITORS' CHOICE

How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it. LATEST FROM THE EDGE
CISOs Share Their 3 Top Challenges for Cybersecurity Management The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio. LATEST FROM DR TECHNOLOGY
Google Adds Client-Side Encryption to Gmail, Calendar The data protection capability is now available across multiple Workspace applications: Gmail, Calendar, Drive, Docs, Slides, Sheets, and Meet.

WEBINARS

Building Out the Best Response Playbook for Ransomware Attacks

When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ...

SecDevOps: The Smart Way to Shift Left

DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ...

View More Dark Reading Webinars >>

WHITE PAPERS

Enable and Protect Your Remote Workforce Why Account Security Doesn't Stop at Login Securing OT, Remote Access and Converged SOC Operations 2022 State of OT Cybersecurity Report Empower Digital Transformation by Protecting Converged IT and OT Forrester Total Economic Impact Report Infographic State of Enterprise Cybersecurity: Invest Now, or Pay Big Later

View More White Papers >>

FEATURED REPORTS

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

10 Hot Talks From Black Hat USA 2022

Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...

How Machine Learning, AI & Deep Learning Improve Cybersecurity

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Hoxhunt Launches Human Risk Management Platform Edgio Strengthens Security Offering With WAAP Enhancements and DDoS Scrubbing Solution Active Digital Identity Apps to Surpass 4.1B by 2027 MORE PRODUCTS & RELEASES MORE PRODUCTS & RELEASES

CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Beyond Washington, DC: The State of State-Based Data Privacy Laws Informationweek.com
9 uren geleden
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
11 uren geleden
Final Chance: Urgent Invite for December 3rd Informationweek.com
12 uren geleden

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines