AI Gateways Offer Attackers the Keys to the Kingdom
A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data.
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system.
The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.
The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial resources for cryptomining, but the threat could get larger.
Cybercriminal groups are targeting misconfigured Docker and Kubernetes clusters — or just automating the sign-up process for free trial accounts — to build infrastructure for cryptomining.
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.