Microsoft Entra ID Detailing out
Microsoft has announced that it will soon rebrand Azure Active Directory as Entra ID. The name change will be effective gradually from second half of 2023. The Microsoft Entra suite is designed…
Scarleteel targets AWS Fargate and Kubernetes
Researchers have spotted a threat actor dubbed Scarleteel with new advanced capabilities that now let it target the container automation tool AWS Fargate, as well as launch DDoS-as-a-Service campaigns. The…
XSS Flaw in Azure Services
Researchers identified two cloud related vulnerabilities in Azure Bastion and Azure Container Registry, which allowed an attacker to achieve cross-site scripting by using iframe-postMessages [and] allowed unauthorized access to the…
CrowdStrike Platform Enhancements
CrowdStrike have announced new features to its Falcon platform that will help companies more effectively protect their cloud environments from hackers. Falcon protects billions of software containers for customers. Across…
UNC3944 Abuses Azure leveraging SIM Swapping attacks
Researchers have spotted a threat actor known by the name UNC3944 and were observed abusing privileged accounts to access the Microsoft Azure Serial Console. UNC3944 has bypassed many of the…
Microsoft Fixes Azure API Vulnerabilities
Microsoft has patched vulnerabilities in the Azure API Management service, which includes two server-side Request forgery vulnerabilities and a file upload path traversal on an internal Azure workload. The vulnerabilities…
GhostToken Exposes GCP
Researchers have detailed on a zero-day vulnerability called GhostToken that could let threat actors gain unremovable access to a victim's Google account by converting an authorized third-party app into a…
Legion Abuses Cloud in its Attack
Researchers have identified a tool dubbed as Legion that can scan Shodan to identify misconfigured cloud servers and then take over SMTP email marketing programs or launch phishing campaigns. Legion…