New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments
Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.
An attack on the company’s AWS platform may have exposed customers' names and home addresses Exclusive ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud systems.…
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]
Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought
Cloud software slinger admits no guilt, promises better basic security hygiene Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC.…
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. [...]