Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks. However, there's an … [Read more...] about Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
Service
This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered … [Read more...] about This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion
In conversations with customers about cloud infrastructure, I routinely hear two challenges when it comes to scaling their cloud deployments, these challenges include: Achieving secure connectivity across clouds, virtual private clouds (VPCs), regions, and on-premises networks Ensuring security is baked into the network architecture from the start. As customers grow their … [Read more...] about Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion
Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data
May 25, 2024NewsroomMachine Learning / Data Breach Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI … [Read more...] about Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data
Dropbox Sign e-signature service hacked
Dropbox has shared the results of an investigation into a hack of its infrastructure. The company doesn’t specify when the incident actually occurred, stating only that the attack was noticed by company employees on April 24. Here, we explain what happened, what data was leaked, and how to protect yourself and your company from the consequences of the incident. Dropbox Sign … [Read more...] about Dropbox Sign e-signature service hacked
Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service
Dec 28, 2023NewsroomCloud Security / Data Protection Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos … [Read more...] about Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service
Istio Roadmap, Ambient Mesh, and the Service Mesh Landscape
In the dynamic landscape of microservices and cloud-native architectures, the role of service meshes has become increasingly crucial. These programmable frameworks empower users to seamlessly connect, secure, and observe their microservices, relieving them of the complexities associated with these critical tasks within their applications. Istio, a leading service mesh project, … [Read more...] about Istio Roadmap, Ambient Mesh, and the Service Mesh Landscape
Announcing Service Map: Troubleshoot With Context and Confidence
Logz.io is excited to announce Service Map, a new way to visualize the data flow, dependencies, and critical performance metrics throughout your microservices architecture, which makes it easy to gather critical troubleshooting context as you investigate production issues.After sending your trace data to Logz.io Open 360™, Service Map automatically discovers and maps your … [Read more...] about Announcing Service Map: Troubleshoot With Context and Confidence
Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
Nov 21, 2023NewsroomRansomware-as-a-service The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following … [Read more...] about Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
Oct 28, 2023NewsroomPrivacy / Data Security New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has issued several new TLS certificates using Let's … [Read more...] about Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service