Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.
Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.
The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. [...]
An ongoing heatwave in the United Kingdom has led to Google Cloud and Oracle Cloud outages after cooling systems failed at the companies' data centers. [...]
State-backed hackers part of Russia's Federation Foreign Intelligence Service (SVR) have switched, for the first time, to using legitimate cloud storage services such as Google Drive to evade detection. [...]
Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system
ESET discovery highlights new targeted espionage campaign
Cloud Security Alliance claims most are already storing sensitive data there
Plus: Weibo cracks down on political puns; Singaporean crypto biz Vauld restructures; Philippines fights Facebook rumors Asia In Brief Senior execs from Alibaba Cloud were summoned to discuss the data leak that saw information pertaining to a billion Chinese citizens sold on the dark web, according to Nikkei and The Wall Street Journal.…