UNC6692 Combines Social Engineering, Malware, Cloud Abuse
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.
An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.
Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.
The company has jettisoned hundreds of thousands of unused apps and millions of unused tenants as part of its Secure Future Initiative.
A server-side forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30.
The Cloud Safe Task Force aims to unite the US government and cloud service providers, like Amazon, Google, IBM, Microsoft, and Oracle, to provide a "National Cyber Feed": a continuous threat-monitoring tool for federal agencies.
Microsoft researchers discover an old-timey scam with a facelift for the cloud era: hacking retailers' portals to make it rain gift cards.