7 matches found
The Red Agent POV: How it Reasoned its Way to SSRF
Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...
Introducing Runtime Threat Detection for Google Cloud Run
Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform GCP Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity t...
Banking Trojans Target Latin America and Europe Through Google Cloud Run
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth aka Guildma, Mekotio, and Ousaban aka Javali to targets across Latin America LATAM and Europe. "The infection chain...
TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem
When we talk about the term "fake news," most people likely picture a certain person who made the term infamous. And when we talk about misinformation and disinformation, many will remember the "Russian troll farms" that popped up during the 2016 U.S. presidential election and were unmasked and...
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth aka Guildma, Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increase...
Facebook clickbait leads to money scam for users
Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fa...