Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants(cloudsek.com) CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle
Google announces agreement to acquire Wiz(google) Google LLC today announced it has signed a definitive agreement to acquire Wiz, Inc., a leading cloud security platform headquartered in New York, for $32 billion, subject to closing adjustments, in an all-cash transaction.
221 points by thecybernerd 15 days ago | 5 comments
Alphabet in Talks to Buy Cloud Security Firm Wiz for $33B(bloomberg.com) Alphabet Inc. is in talks to purchase cloud-security company Wiz Inc. for $33 billion, restarting discussions that were called off last summer after extended negotiations, according to people familiar with the matter.
59 points by JumpCrisscross 15 days ago | 37 comments
Azure's Weakest Link? How API Connections Spill Secrets(binarysecurity.no) Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of the Connections allowing us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs, Defender ATP, to Enterprise Jira and SalesForce servers.
Volkswagen Data Leak Exposed 800k EV Owners' Movements(carscoops.com) Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end.
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass(oasis.security) Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.
10 points by sandwichsphinx 143 days ago | 0 comments
Hacked TP-Link routers used in years-long account takeover attacks(arstechnica.com) Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft’s Azure cloud service, the company warned Thursday.
14 points by crazydoggers 151 days ago | 0 comments
Ask HN: Why is there not more concern about the physical security of Cloudflare?(ycombinator.com) Using Hetzner and Azure, we trust that our unencrypted in-memory data and business logic are housed in professional data centers with strong physical security measures. However, Cloudflare has built its Workers and serverless offerings on top of its Cache/CDN and anti-DDoS infrastructure, which operates out of questionable ISP and IXP colocation facilities in various jurisdictions with dubious standards.
A single cloud compromise can feed an army of AI sex bots(krebsonsecurity.com) Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.
4 points by bittermandel 181 days ago | 1 comments
AWS Nitro Enclaves: Attack Surface(trailofbits.com) In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls.
Notes on AWS Nitro Enclaves: Attack Surface(trailofbits.com) In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls. As pioneers in confidential computing security, we at Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
Hacking misconfigured AWS S3 buckets: A complete guide(intigriti.com) AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, data leaks, or other unintended consequences.