Hacker News with Generative AI: Cloud Security

There are perhaps 10k reasons to doubt Oracle Cloud's security breach denial (theregister.com)
Oracle Cloud's denial of a digital break-in is now in clear dispute.
Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants (cloudsek.com)
CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle
Someone is claiming to have stolen JKS, SSO, and JPS keys from Oracle Cloud (cyberplace.social)
Google announces agreement to acquire Wiz (google)
Google LLC today announced it has signed a definitive agreement to acquire Wiz, Inc., a leading cloud security platform headquartered in New York, for $32 billion, subject to closing adjustments, in an all-cash transaction.
Alphabet in Talks to Buy Cloud Security Firm Wiz for $33B (bloomberg.com)
Alphabet Inc. is in talks to purchase cloud-security company Wiz Inc. for $33 billion, restarting discussions that were called off last summer after extended negotiations, according to people familiar with the matter.
Azure's Weakest Link? How API Connections Spill Secrets (binarysecurity.no)
Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of the Connections allowing us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs, Defender ATP, to Enterprise Jira and SalesForce servers.
'Uber for nurses' exposes 86k+ medical records, PII in open S3 bucket for months (theregister.com)
More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT were left sitting in a wide-open S3 bucket for months — or possibly even longer — before it was closed last week.
Launch HN: SubImage (YC W25) – See your infra from an attacker's perspective (ycombinator.com)
Hi HN! I’m Alex, and along with my co-founder Kunaal, we are thrilled to introduce SubImage (https://subimage.io): a tool that lets your security team fix issues before they’re found by attackers.
Implementing a Zero Trust Architecture [pdf] (nist.gov)
Volkswagen Data Leak Exposed 800k EV Owners' Movements (carscoops.com)
Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end.
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass (oasis.security)
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.
Malicious PyPI package with 37,000 downloads steals AWS keys (bleepingcomputer.com)
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.
Hacked TP-Link routers used in years-long account takeover attacks (arstechnica.com)
Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft’s Azure cloud service, the company warned Thursday.
Ask HN: Why is there not more concern about the physical security of Cloudflare? (ycombinator.com)
Using Hetzner and Azure, we trust that our unencrypted in-memory data and business logic are housed in professional data centers with strong physical security measures. However, Cloudflare has built its Workers and serverless offerings on top of its Cache/CDN and anti-DDoS infrastructure, which operates out of questionable ISP and IXP colocation facilities in various jurisdictions with dubious standards.
A single cloud compromise can feed an army of AI sex bots (krebsonsecurity.com)
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.
Show HN: Valv – Formally Verified KMS Alternative to HashiCorp Vault (github.com/molnett)
AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls.
Notes on AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls. As pioneers in confidential computing security, we at Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
Fortinet admits miscreant got hold of customer data in the cloud (theregister.com)
Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?
Hacking misconfigured AWS S3 buckets: A complete guide (intigriti.com)
AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, data leaks, or other unintended consequences.
Critical vulnerabilities in 6 AWS services disclosed at Black Hat USA (scmagazine.com)
Threat actor abuses Cloudflare tunnels to deliver remote access trojans (proofpoint.com)
Show HN: Shadow IT Scan – Uncover SaaS Apps, Users and Risky OAuth Scopes (accessowl.io)
WTF Is a Cloud Native Application Protection Platform (CNAPP)? (latio.tech)
ELI5: The CrowdStrike Outage (technically.dev)
SAPwned: SAP AI vulnerabilities expose customers' cloud environments and privat (wiz.io)
A hard look at AWS GuardDuty shortcomings (tracebit.com)
Google on the verge of acquiring cloud security company Wiz for $23B (techcrunch.com)
Well, it's just an AWS Account ID (cloudsecurity.club)
The Snowflake Attack May Be Turning into One of the Largest Data Breaches (wired.com)