CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys 6,134 people reacted CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys By William Gamazo and Nathaniel Quist October 30, 2023 at 4:40 AM 22 15 min. read
When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability 5,752 people reacted When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability By Margaret Zimmermann August 10, 2023 at 3:15 PM 16 13 min. read
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm 9,075 people reacted P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm By William Gamazo and Nathaniel Quist July 19, 2023 at 10:00 AM 15 11 min. read
Six Malicious Python Packages in the PyPI Targeting Windows Users 6,625 people reacted Six Malicious Python Packages in the PyPI Targeting Windows Users By Shaul Ben Hai July 11, 2023 at 6:00 AM 16 11 min. read
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques 18,315 people reacted Detecting Popular Cobalt Strike Malleable C2 Profile Techniques By Durgesh Sangvikar, Matthew Tennis, Chris Navarrete, Yanhui Jia, Yu Fu and Nina Smith June 27, 2023 at 3:00 PM 18 6 min. read
Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad 39,150 people reacted Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad By Aviv Sasson June 2, 2023 at 6:00 AM 9 5 min. read
Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface 72,944 people reacted Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface By Unit 42 April 18, 2023 at 3:00 AM 28 4 min. read
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms 66,575 people reacted Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms By Yuval Avrahami January 27, 2023 at 6:00 AM 30 9 min. read
Security Issue in JWT Secret Poisoning (Updated) 130,243 people reacted Security Issue in JWT Secret Poisoning (Updated) By Artur Oleyarsh January 9, 2023 at 6:00 AM 56 8 min. read
PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources 60,334 people reacted PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources By William Gamazo and Nathaniel Quist January 5, 2023 at 6:00 AM 13 10 min. read
Digging Inside Azure Functions: HyperV Is the Last Line of Defense 52,371 people reacted Digging Inside Azure Functions: HyperV Is the Last Line of Defense By Daniel Prizmant and Aviv Sasson December 15, 2022 at 6:00 AM 9 10 min. read
Compromised Cloud Compute Credentials: Case Studies From the Wild 54,530 people reacted Compromised Cloud Compute Credentials: Case Studies From the Wild By Dror Alon December 8, 2022 at 3:00 PM 46 9 min. read
Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server 62,212 people reacted Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server By Artur Avetisyan November 10, 2022 at 6:00 AM 9 5 min. read
IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation 57,754 people reacted IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation By Jay Chen July 25, 2022 at 6:00 AM 35 6 min. read
FabricScape: Escaping Service Fabric and Taking Over the Cluster 62,256 people reacted FabricScape: Escaping Service Fabric and Taking Over the Cluster By Aviv Sasson June 28, 2022 at 4:30 PM 38 10 min. read
