Search cyberveille.decio.ch

Found 75 bookmarks

Custom sorting

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

#bleepingcomputer #EN #2024 #Cloud #Container #Container-Escape #Docker #Leaky-Vessels #Vulnerability #CVE-2024-21626 #CVE-2024-23651 #CVE-2024-23652 #CVE-2024-23653

·bleepingcomputer.com·Feb 4, 2024

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.

#20min #FR #CH #2022 #Winbiz #inforpro #piratage #cloud #hébergeur

·20min.ch·Nov 24, 2022

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Denmark: Datatilsynet publishes guidance on use of cloud technologies

The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF

#Denmark #dataguidance #EN #2022 #guidance #cloud #privacy #legal #EU #Datatilsynet

·dataguidance.com·Mar 11, 2022

Denmark: Datatilsynet publishes guidance on use of cloud technologies

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.

#20min #FR #CH #2022 #Winbiz #inforpro #piratage #cloud #hébergeur

·20min.ch·Nov 24, 2022

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Denmark: Datatilsynet publishes guidance on use of cloud technologies

#Denmark #dataguidance #EN #2022 #guidance #cloud #privacy #legal #EU #Datatilsynet

·dataguidance.com·Mar 11, 2022

Denmark: Datatilsynet publishes guidance on use of cloud technologies

Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms

An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.

#sentinelone #EN #2023 #PredatorAI #infostealer #Telegram #cloud

·sentinelone.com·Nov 8, 2023

Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.

#washingtonpost #EN #2023 #US #Microsoft #cloud #DonBacon #FBI #emails #hacked #outlook #China

·washingtonpost.com·Aug 20, 2023

Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska

Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry

A US cybersecurity advisory panel will investigate risks in cloud computing, including Microsoft Corp.’s role in a recent breach of government officials’ email accounts by suspected Chinese hackers, according to two people familiar with the matter. The Cyber Safety Review Board, which was created by the Biden administration to investigate major cybersecurity events, will focus on risks to cloud computing infrastructure broadly, including identity and authentication management, and will examine all relevant cloud service providers, according to a Department of Homeland Security official. The issue was brought into focus by the breach of Microsoft’s email systems, the official said. Both people asked not to be named so they could discuss sensitive information.

#Bloomberg #EN #2023 #Microsoft #cloud #investigate #US #Email #Breach #Inquiry

·archive.ph·Aug 12, 2023

Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).

#tenable #2023 #EN #cross-tenant #Cloud #Microsoft-Power #Platform

·tenable.com·Aug 4, 2023

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

Microsoft…The Truth Is Even Worse Than You Think

Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chine

#Amit-Yoran #Microsoft #tenable #transparency #Azure #complaint #Cloud

·linkedin.com·Aug 4, 2023

Microsoft…The Truth Is Even Worse Than You Think

Cryptojacking: Understanding and defending against cloud compute resource abuse

Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse.

#microsoft #en #2023 #report #cryptojacking #cloud #defending

·microsoft.com·Jul 26, 2023

Cryptojacking: Understanding and defending against cloud compute resource abuse

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.

#20min #FR #CH #2022 #Winbiz #inforpro #piratage #cloud #hébergeur

·20min.ch·Nov 24, 2022

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Denmark: Datatilsynet publishes guidance on use of cloud technologies

#Denmark #dataguidance #EN #2022 #guidance #cloud #privacy #legal #EU #Datatilsynet

·dataguidance.com·Mar 11, 2022

Denmark: Datatilsynet publishes guidance on use of cloud technologies

MOVEit Transfer and MOVEit Cloud Vulnerability

This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates. CVE-PENDING (June 9, 2023) CVE-2023-34362 (May 31, 2023)

#progress.com #EN #2023 #CVE-2023-34362 #MOVEit #Cloud

·progress.com·Jun 11, 2023

MOVEit Transfer and MOVEit Cloud Vulnerability

Vulnerability in GCP CloudSQL Leads to Data Exposure

The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure

#dig.security #EN #2023 #cloud #GCP #CloudSQL #leak #exposure #Google #Cloud #PII

·dig.security·May 28, 2023

Vulnerability in GCP CloudSQL Leads to Data Exposure

«Cloud souverain»: les cantons latins avancent groupés et font un appel du pied à la Confédération

Les directrices et directeurs du numérique des cantons latins ont décidé d’agir de concert en matière de souveraine

#ictjournal #FR #2023 #CH #cloud #souverain #cantons #Confédération #cloud-souverain

·ictjournal.ch·May 12, 2023

«Cloud souverain»: les cantons latins avancent groupés et font un appel du pied à la Confédération

Attackers Use Containers for Profit via TrafficStealer

We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.

#trendmicro #EN #2023 #cloud #report #Containers #TrafficStealer #docker

·trendmicro.com·Apr 26, 2023

Attackers Use Containers for Profit via TrafficStealer

Linux kernel logic allowed Spectre attack on major cloud

Kernel 6.2 ditched a useful defense against ghostly chip design flaw

#theregister #EN #2023 #Spectre #Kernel #Linux #cloud

·theregister.com·Apr 17, 2023

Linux kernel logic allowed Spectre attack on major cloud

MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

#microsoft #EN #2023 #MERCURY #DEV-1084 #analysis #cloud #hybrid #environment #Iran #TTPs #operation

·microsoft.com·Apr 10, 2023

MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.

#sysdig #EN #2023 #SCARLETEEL #cloud #Kubernetes #Terraform #AWS #Data-Theft

·sysdig.com·Mar 9, 2023

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

Rackspace Cloud Office suffers security breach

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

#doublepulsar #EN #2022 #Rackspace #Cloud #Office #breach #Exchange

·doublepulsar.com·Dec 5, 2022

Rackspace Cloud Office suffers security breach

Lastpass says hackers accessed customer data in new breach

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.

#bleepingcomputer #EN #2022 #lastpass #GoTo #breach #cloud

·bleepingcomputer.com·Dec 1, 2022

Lastpass says hackers accessed customer data in new breach

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Victime du piratage de son hébergeur cloud, le logiciel de gestion d'entreprise Winbiz ne peut pas être utilisé depuis lundi. Le retour à la normale prendra du temps.

#20min #FR #CH #2022 #Winbiz #inforpro #piratage #cloud #hébergeur

·20min.ch·Nov 24, 2022

Suisse: Une cyberattaque bloque la comptabilité de milliers de sociétés

Software Delivery Shield protects the software supply chain

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

#google #EN #blog #cloud #supplychain #supply-chain #solution #dev #shield #announcement

·cloud.google.com·Oct 14, 2022

Software Delivery Shield protects the software supply chain

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

#lightspin #EN #2022 #Azure #Cloud #Shell #injection #terminals #IoCs #Analysis #Tokens #steal

·blog.lightspin.io·Sep 21, 2022

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?

Dans une prise de position publiée le 13 juin 2022, le Préposé fédéral à la protection des données et à la transparence a estimé que le recours aux services cloud M365 de Microsoft serait susceptible de violer la Loi fédérale sur la protection des données, quand bien même le projet de la Caisse nationale suisse d'assurance en cas d'accidents (SUVA) envisage que les données soient hébergées en Suisse et que le cocontractant du responsable du traitement soit une entité européenne du Groupe Microsoft.

#swissprivacy #FR #2022 #CH #Suisse #Préposé-fédéral #Microsoft #cloud #protection #données #Cloud-Act

·swissprivacy.law·Sep 5, 2022

Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?

Stealing Clouds

Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

#Reuters #2019 #Chinese #APT10 #Cloud #attack #Cloud-Hopper #Ericsson #IBM #HP

·reuters.com·Sep 4, 2022

Stealing Clouds

8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts

Low-level crimeware gang has been exploiting misconfigured and publicly accessible Docker and other cloud instances with roaring success.

#sentinelone #EN #2022 #8220 #Mining #Group #8220Gang #docker #cloud #crimeware

·sentinelone.com·Jul 22, 2022

8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts

Denmark: Datatilsynet publishes guidance on use of cloud technologies

#Denmark #dataguidance #EN #2022 #guidance #cloud #privacy #legal #EU #Datatilsynet

·dataguidance.com·Mar 11, 2022

Denmark: Datatilsynet publishes guidance on use of cloud technologies

La commission veut renforcer la cybersécurité et l’indépendance de la Suisse

La Commission de la politique de sécurité du Conseil national propose de modifier la législation afin que la Confédération puisse créer, en collaboration avec les cantons, les hautes écoles, les établissements de recherche et les entreprises suisses, une infrastructure numérique indépendante. Elle estime par ailleurs qu’il y a lieu de définir des normes pour la gestion de la sécurité. La commission a donné suite à une initiative parlementaire en ce sens.

#CH #2022 #FR #cybersécurité #souveraine #cloud #gouvernance #souveraineté

·parlament.ch·Feb 16, 2022

La commission veut renforcer la cybersécurité et l’indépendance de la Suisse