Solar Power Installations Worldwide Open to Cloud API Bugs
The weaknesses gave attackers an avenue to take over millions of photovoltaic devices connected to Solarman and Deye's cloud-hosted management systems.
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
The weaknesses gave attackers an avenue to take over millions of photovoltaic devices connected to Solarman and Deye's cloud-hosted management systems.
Why run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs? Black Hat State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons.…
Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.
Cybersecurity startup RAD Security, a finalist in this year's Black Hat USA Startup Spotlight competition, looks for "drift events," or events that vary from the baseline.
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021
In the cloud, patches disseminate automatically. On your computer, you get notified. IoT devices, meanwhile, can escape attention for years on end.
Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings