Lucene search
K

44 matches found

Packet Storm News
Packet Storm News
added 2025/09/19 12:0 a.m.8 views

Future-Proofing Cloud Security against Quantum Attacks: Risk, Transition, and Mitigation Strategies

Quantum Computing QC introduces a transformative threat to digital security, with the potential to compromise widely deployed classical cryptographic systems. This survey offers a comprehensive and systematic examination of quantumsafe security for Cloud Computing CC, focusing on the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/12 9:4 p.m.7 views

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/05 12:0 a.m.5 views

Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management

Cloud Forensics presents a multi-jurisdictional challenge that may undermines the success of digital forensic investigations DFIs. The growing volumes of domiciled and foreign law enforcement LE requests, the latency and complexity of formal channels for crossborder data access are challenging...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/27 5:21 a.m.8 views

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

A threat actor named Matrix has been linked to a widespread distributed denial-of-service DDoS campaign that leverages vulnerabilities and misconfigurations in Internet of Things IoT devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/26 6:18 a.m.35 views

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control C2. Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which ...

7.8CVSS8.1AI score0.97798EPSS
Exploits49
Rapid7 Blog
Rapid7 Blog
added 2024/07/08 8:0 p.m.11 views

Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions

Exciting news from Australia! Rapid7 has successfully completed an Information Security Registered Assessors Program IRAP assessment to PROTECTED Level for several of our Insight Platform solutions. What is IRAP? An IRAP assessment is an independent assessment of the implementation,...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/12/19 4:0 p.m.5 views

Expanded Coverage and New Attack Path Visualizations Help Security Teams Prioritize Cloud Risk and Understand Blast Radius

Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud h...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/11/07 11:57 a.m.31 views

Navigating the Sea, Exploiting DigitalOcean APIs

Cloud service providers are now fundamental elements of internet infrastructure, granting organizations and individuals the ability to scale and efficiently store, manage, and process data. DigitalOcean is one such provider, well-regarded for its simplicity and developer-friendly platform, and...

6.6AI score
Exploits0
hivepro
hivepro
added 2023/11/07 8:23 a.m.58 views

Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as "Looney Tunables CVE-2023-4911" as part of a new campaign aimed at breaching cloud...

4.3CVSS7.2AI score0.81422EPSS
Exploits26
The Hacker News
The Hacker News
added 2023/10/12 1:17 p.m.34 views

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called...

7.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/10/05 9:33 p.m.42 views

Breaking down barriers: Redefining the FedRAMP® journey for cloud service providers

Since the passing of the FedRAMP Authorization Act last December, inquiries about navigating FedRAMP's complex landscape have surged. Recognizing this, Coalfire is pioneering a new pathway to streamline the FedRAMP authorization process, making it more accessible for cloud service providers...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/27 1:25 p.m.148 views

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% o...

8.8CVSS7.8AI score0.43988EPSS
Exploits55
The Coalfire Blog
The Coalfire Blog
added 2023/06/08 8:55 p.m.16 views

What are the impacts of FedRAMP® Rev. 5?

The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers CSPs who have achieved authorization to operate ATO and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/12/19 8:54 p.m.13 views

FedRAMP just got better – and is here to stay

Today, President Biden signed the National Defense Authorization Act NDAA, taking a giant step forward in securing the federal governments cloud-first mission. The FedRAMP® Federal Risk and Authorization Management Program Authorization Act, outlined in section 5921 of the NDAA, formalizes the...

3.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/15 12:14 a.m.13 views

Threat and vulnerability management - No time for complacency

There was some very good news in Coalfires 4th Annual Penetration Risk Report. Most notable was that high-risk vulnerabilities have been cut almost in half since 2018 when we first began reporting our pen testing research derived from thousands of direct client engagements. Also of note, the larg...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/02 7:51 p.m.16 views

FedRAMP® CSPs face a new challenge meeting FIPS Compliance

The Federal Risk and Authorization Management Program FedRAMP requires Cloud Service Providers CSPs to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates require the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...

1.5AI score
Exploits0
Wiz blog
Wiz blog
added 2022/06/09 5:38 a.m.8 views

The cloud gray zone—secret agents installed by cloud service providers

Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors...

6.8AI score
Exploits0
HackRead
HackRead
added 2022/05/05 5:5 p.m.18 views

India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

By Deeba Ahmed The Indian government recently passed a new law that mandates all internet service providers to collect and store… This is a post from HackRead.com Read the original post: India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers...

3.6AI score
Exploits0
ThreatPost
ThreatPost
added 2022/04/26 11:38 a.m.38 views

Nation-state Hackers Target Journalists with Goldbackdoor Malware

Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believ...

7.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/10/26 12:0 a.m.4 views

PT-2021-23636

ParsedReport CompletenessLow 07-10-2025 Crimson Collective: A New Threat Group Observed Operating in the Cloud https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud Report completeness: Low Actors/Campaigns: Crimson collective Threats: Truffleho...

6.9AI score
Exploits0References4
Rows per page
Query Builder