#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Cloud security | Breaking Cybersecurity News | The Hacker News

Category — Cloud security
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Jan 23, 2025 Cloud Security / Cryptojacking
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th Threat Horizons Report . TRIPLESTRENGTH engages in a trifecta of malicious attacks, including illicit cryptocurrency mining, ransomware and extortion, and advertising access to various cloud platforms, including Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud, and Digital Ocean to other threat actors. Initial access to target cloud instances is facilitated by means of stolen credentials and cookies, some of which originate from Raccoon information stealer infection logs. The hijacked environments are then abused to create compute resources for mining cry...
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Jan 20, 2025 Data Security / Data Monitoring
Every week seems to bring news of another data breach, and it's no surprise why: securing sensitive data has become harder than ever. And it's not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting stricter and more elaborate.  The problem is that while the data landscape has evolved rapidly, the usual strategies for securing that data are stuck in the past. Gone are the days when data lived in predictable places, with access controlled by a chosen few. Today, practically every department in the business needs to use customer data, and AI adoption means huge datasets, and a constant flux of permissions, use cases, and tools. Security teams are struggling to implement effective strategies for securing sensitive data, and a new crop of tools, called data security platforms, have appear...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Jan 16, 2025Identity Protection / SaaS Security
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks . (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as little as $10 (Source: Verizon). Something doesn't add up. So, what's going on? In this article, we'll cover: What's contributing to the huge rise in account compromises linked to stolen creds and why existing approaches aren't working.  The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives. Recommendations for security teams to stop attackers from using stolen creds to achieve account takeover. Stolen credential-based attacks are on the rise There's clear evidence that identity attacks are now the #1 cyber threat f...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Jan 14, 2025 SaaS Security / Generative AI
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers. So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. ‍ 1. Modern work runs on SaaS. When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone.  Outside of ...
cyber security

2024: A year of identity attacks | Get the new ebook

websitePush SecurityIdentity Security
Identity attacks were the leading cause of breaches in 2024. Learn how tooling and techniques are evolving.
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Jan 13, 2025 Vulnerability / Cloud Security
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in unauthenticated remote code execution. Put differently, a successful exploitation of the flaw could permit an attacker to inject malicious operating system commands owing to the fact that certain API endpoints do not adequately sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996. Jakub Korepta, a security researcher at Polish cybersecurity company Securing, has been credited with discovering and reporting the shortcoming. A proof-of-concept (PoC) exploit has since been made publicly available . Data gathered by the cybersecurity company...
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity

Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity

Jan 10, 2025 Network Security / Policy Management
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks. These devices often lack robust security hardening, creating significant vulnerabilities that traditional segmentation solutions struggle to address. Elisity aims to solve these challenges through an innovative approach that leverages existing network infrastructure while providing identity-based microsegmentation at the network edge. Rather than requiring new hardware, agents or complex network redesigns, Elisity customers run a few lightweight virtual connectors (called Elisity Virtual Edge) to enforce security policies through organizations' current switching infrastructure. In this hands...
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Jan 04, 2025 Vulnerability / Software Security
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei , a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405 , it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed," according to a description of the vulnerability. "This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template." Nuclei is a vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks to identify security flaws. The scanning engine makes use of templates , wh...
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Jan 02, 2025 Cloud Security / Threat Intelligence
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS CHOLLIMA exemplify the use of cross-domain tactics, leveraging advanced techniques to exploit security gaps across interconnected environments.  The foundation of these attacks is built around the exploitation of legitimate identities. Today's adversaries no longer "break in"; they "log in" – leveraging compromised credentials to gain access and blend seamlessly into their targets. Once inside, they exploit legitimate tools and processes, making them difficult to detect as they pivot across domains and escalate privileges. The Current State of Identity Security The rise in cross-domain...
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Dec 31, 2024 Vulnerability / Cloud Security
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators over the entire Airflow Azure Kubernetes Service (AKS) cluster," Palo Alto Networks Unit 42 said in an analysis published earlier this month. The vulnerabilities, albeit classified as low severity by Microsoft, are listed below - Misconfigured Kubernetes RBAC in Airflow cluster Misconfigured secret handling of Azure's internal Geneva service, and Weak authentication for Geneva Besides obtaining unauthorized access, the attacker could take advantage of the flaws in the Geneva service to potentially tamper with log data or send fake logs to avoid raising suspicion when c...
Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks

Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks

Dec 25, 2024 Cloud Security / Vulnerability
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices." The operational technology (OT) security company, which carried out an in-depth research of the Internet of Things (IoT) vendor, said it not only identified 10 flaws but also devised an attack called "Open Sesame" that can be used to hack into an access point in close physical proximity over the cloud and gain unauthorized access to its network. Of the 10 vulnerabilities , three of them are rated Critical in...
Top 10 Cybersecurity Trends to Expect in 2025

Top 10 Cybersecurity Trends to Expect in 2025

Dec 23, 2024 Cybersecurity / Threat Intelligence
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here's a closer look at ten emerging challenges and threats set to shape the coming year. 1. AI as a weapon for attackers The dual-use nature of AI has created a great deal of risk to organizations as cybercriminals increasingly harness the power of AI to perpetrate highly sophisticated attacks. AI-powered malware can change its behavior in real-time. This means it can evade traditional methods of detection and find and exploit vulnerabilities with uncanny precision. Automated reconnaissance tools let attackers compile granular intelligence about systems, employees, and defenses of a target at unprecedented scale and speed. AI use also reduces the planning time for a...
Expert Insights / Articles Videos
Cybersecurity Resources