Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…

HackRead
Open in Source
#web#amazon#git#intel#aws
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3

Duping Cloud Functions: An emerging serverless attack vector

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.

Anonymous Hackers Steal Flight Data from US Deportation Airline GlobalX

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents.

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

The dual challenge: Security and compliance

Security leaders must address both internal and external risks, ranging from sophisticated cyberattacks to insider threats. At the same time, they must also adhere to an ever-growing list of regulations, including the General Data Protection Regulation (GDPR), the EU Cyber Resilience Acts (CRA) and industry-specific mandates like Payment Card Industry Data Security Standard (PCI DSS) and the Digital Operational Resilience Act (DORA). Balancing these concerns requires a strategic approach that integrates security and compliance without compromising operational efficiency.External threatsCybercr

New Cloud Vulnerability Data Shows Google Cloud Leads in Risk

New research shows Google Cloud and smaller providers have the highest cloud vulnerability rates as compared to AWS…

Chat App Used by Trump Admin Suspends Operation Amid Hack

TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…

Employee monitoring app exposes users, leaks 21+ million screenshots

WorkComposer, an employee monitoring app, has leaked millions of screenshots through an unprotected AWS S3 bucket.