Hacker News with Generative AI: Cloud Security

Simulating, Detecting and Responding to S3 Ransomware Attacks (raphabot.com)
I am fascinated by the world of possibilities that Cloud Computing enables people and organizations to achieve. When it comes to security, tools and frameworks such as the Shared Responsibility Model make following good security practices easier than ever. I am equally fascinated by new attack vectors that Cloud Computing enables bad actors to achieve, though.

Cloud Security, Ransomware, S3

16 points by pavanyara 18 days ago | 0 comments

AWS Built a Security Tool. It Introduced a Security Risk (token.security)

AWS, Cloud Security, Security Risks

209 points by simplesort 18 days ago | 81 comments

There are perhaps 10k reasons to doubt Oracle Cloud's security breach denial (theregister.com)
Oracle Cloud's denial of a digital break-in is now in clear dispute.

Cloud Security, Oracle, Cybersecurity

46 points by rntn 59 days ago | 0 comments

Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants (cloudsek.com)
CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online. Learn the full scope, risks, and how to respond. Are you worried your organization might be affected? Check your exposure here - https://exposure.cloudsek.com/oracle

Cybersecurity, Data Breaches, Oracle Cloud, Ransomware, Cloud Security

39 points by gnabgib 62 days ago | 17 comments

Someone is claiming to have stolen JKS, SSO, and JPS keys from Oracle Cloud (cyberplace.social)

Cybersecurity, Oracle, Cloud Security

6 points by speckx 63 days ago | 0 comments

Google announces agreement to acquire Wiz (google)
Google LLC today announced it has signed a definitive agreement to acquire Wiz, Inc., a leading cloud security platform headquartered in New York, for $32 billion, subject to closing adjustments, in an all-cash transaction.

Acquisitions, Cloud Security, Technology, Business, Google

221 points by thecybernerd 66 days ago | 5 comments

Alphabet in Talks to Buy Cloud Security Firm Wiz for $33B (bloomberg.com)
Alphabet Inc. is in talks to purchase cloud-security company Wiz Inc. for $33 billion, restarting discussions that were called off last summer after extended negotiations, according to people familiar with the matter.

Alphabet, Cloud Security, Acquisitions, Business, Technology

59 points by JumpCrisscross 67 days ago | 37 comments

Azure's Weakest Link? How API Connections Spill Secrets (binarysecurity.no)
Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of the Connections allowing us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs, Defender ATP, to Enterprise Jira and SalesForce servers.

Cloud Security, Azure, APIs, Security Vulnerabilities

137 points by hland 72 days ago | 64 comments

'Uber for nurses' exposes 86k+ medical records, PII in open S3 bucket for months (theregister.com)
More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open S3 bucket for months — or possibly even longer — before it was closed it last week.

Data Breaches, Cybersecurity, Healthcare, Cloud Security

7 points by rntn 73 days ago | 1 comments

Launch HN: SubImage (YC W25) – See your infra from an attacker's perspective (ycombinator.com)
Hi HN! I’m Alex, and along with my co-founder Kunaal, we are thrilled to introduce SubImage (https://subimage.io): a tool that lets your security team fix issues before they’re found by attackers.

Cybersecurity, Cloud Security, Startup, YC W25

135 points by alexchantavy 88 days ago | 31 comments

Implementing a Zero Trust Architecture [pdf] (nist.gov)

Cybersecurity, Networking, Security Architecture, Cloud Security

4 points by teleforce 96 days ago | 1 comments

Volkswagen Data Leak Exposed 800k EV Owners' Movements (carscoops.com)
Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end.

Data Breaches, Privacy, Volkswagen, Electric Vehicles, Cloud Security

8 points by Vinnl 147 days ago | 2 comments

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass (oasis.security)
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.

Cybersecurity, Microsoft Azure, MFA, Vulnerabilities, Cloud Security

33 points by doener 162 days ago | 43 comments

Malicious PyPI package with 37,000 downloads steals AWS keys (bleepingcomputer.com)
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.

Security, Python, Cloud Security, AWS, Malware

10 points by sandwichsphinx 195 days ago | 0 comments

Hacked TP-Link routers used in years-long account takeover attacks (arstechnica.com)
Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft’s Azure cloud service, the company warned Thursday.

Cybersecurity, Botnets, Cloud Security, Microsoft Azure, Government Hacking

14 points by crazydoggers 203 days ago | 0 comments

Ask HN: Why is there not more concern about the physical security of Cloudflare? (ycombinator.com)
Using Hetzner and Azure, we trust that our unencrypted in-memory data and business logic are housed in professional data centers with strong physical security measures. However, Cloudflare has built its Workers and serverless offerings on top of its Cache/CDN and anti-DDoS infrastructure, which operates out of questionable ISP and IXP colocation facilities in various jurisdictions with dubious standards.

Cloud Security, Serverless Computing, Data Security, Physical Security

90 points by dtquad 218 days ago | 54 comments

A single cloud compromise can feed an army of AI sex bots (krebsonsecurity.com)
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.

Cybersecurity, AI, Cloud Security, Sexbots

73 points by todsacerdoti 232 days ago | 81 comments

Show HN: Valv – Formally Verified KMS Alternative to HashiCorp Vault (github.com/molnett)

Security, Open Source, DevOps, Cloud Security, Alternatives

4 points by bittermandel 233 days ago | 1 comments

AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls.

Cloud Security, AWS, Security, Software

144 points by ingve 239 days ago | 15 comments

Notes on AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls. As pioneers in confidential computing security, we at Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.

Cloud Security, AWS, Security Research, Confidential Computing

20 points by tatersolid 241 days ago | 1 comments

Fortinet admits miscreant got hold of customer data in the cloud (theregister.com)
Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?

Cybersecurity, Data Breaches, Cloud Security

6 points by LinuxBender 250 days ago | 0 comments

Hacking misconfigured AWS S3 buckets: A complete guide (intigriti.com)
AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, data leaks, or other unintended consequences.

Security, AWS, Cloud Security

259 points by yarapavan 256 days ago | 58 comments

Critical vulnerabilities in 6 AWS services disclosed at Black Hat USA (scmagazine.com)

Cybersecurity, AWS, Black Hat, Vulnerabilities, Cloud Security

55 points by noctarius 288 days ago | 19 comments

Threat actor abuses Cloudflare tunnels to deliver remote access trojans (proofpoint.com)

Cybersecurity, Threat Intelligence, Cloud Security

320 points by luu 295 days ago | 163 comments

Show HN: Shadow IT Scan – Uncover SaaS Apps, Users and Risky OAuth Scopes (accessowl.io)

Security, SaaS, Cloud Security, Shadow IT

69 points by mathiasn 296 days ago | 36 comments

WTF Is a Cloud Native Application Protection Platform (Cnapp)? (latio.tech)