Cloud - Unit42

8,014

people reacted

Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations

By Ken Hsu, Vaibhav Singhal and Zhibin Zhang
April 8, 2021 at 12:29 PM

5 min. read

Cover image for the Unit 42 Cloud Threat Report, 1H 2021, which covers trends in issues related to cloud security.

8,322

people reacted

Highlights from the Unit 42 Cloud Threat Report, 1H 2021

By Unit 42
April 6, 2021 at 3:00 AM

2 min. read

This conceptual image represents containers. Container images are a simple way to distribute software – and that can include the malicious cryptojacking images discussed here.

20,100

people reacted

20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub

By Aviv Sasson
March 26, 2021 at 6:00 AM

5 min. read

This conceptual image illustrates cryptojacking, such as the WatchDog cryptojacking compaign discussed in this blog.

21,140

people reacted

WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

By Nathaniel Quist
February 17, 2021 at 6:00 AM

16 min. read

This conceptual image covers the concept of container security. Attacks on containers, such as that of the Hildegard malware detailed here, can allow attackers access to a large amount of computing resources.

38,631

people reacted

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

By Jay Chen, Aviv Sasson and Ariel Zelivansky
February 3, 2021 at 6:00 AM

10 min. read

25,721

people reacted

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

By Aviv Sasson
January 28, 2021 at 6:00 AM

7 min. read

This conceptual image illustrates the concept of cloud providers.

22,545

people reacted

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

By Michael Bailey
January 12, 2021 at 6:00 AM

6 min. read

A conceptual image illustrating finding vulnerabilities on the web. IAMFinder is a custom open source tool that can help organizations identify information leakage in AWS accounts.

27,813

people reacted

IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance

By Jay Chen
November 19, 2020 at 12:00 PM

6 min. read

This conceptual image illustrates some of the security and configuration issues involved with the cloud, such as the issue with AWS resource-based policy APIs discussed here.

35,857

people reacted

Information Leakage in AWS Resource-Based Policy APIs

By Jay Chen
November 17, 2020 at 3:00 AM

6 min. read

The conceptual image illustrates the idea of the risks that misconfigured IAM roles can pose for cloud workloads.

25,816

people reacted

Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads

By Jay Chen
October 8, 2020 at 6:00 AM

15 min. read

This conceptual image illustrates the role of Cloud Service Providers (CSPs) in cloud security.

21,860

people reacted

Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services

By Nathaniel Quist
October 7, 2020 at 6:00 AM

7 min. read

This conceptual image illustrates the concept of misconfigurations in the cloud. IAM misconfigurations are a key concern outlined in the Unit 42 Cloud Threat Report, 2H 2020.

28,109

people reacted

Highlights from the Unit 42 Cloud Threat Report, 2H 2020

By Unit 42
October 6, 2020 at 3:00 AM

3 min. read

This conceptual image illustrates the concept of cryptojacking, a technique used by Black-T

24,472

people reacted

Black-T: New Cryptojacking Variant from TeamTNT

By Nathaniel Quist
October 5, 2020 at 6:00 AM

10 min. read

This illustrates the concept of container security.

19,891

people reacted

The Challenge of Persistence in Containers and Serverless

By Ariel Zelivansky
September 10, 2020 at 6:00 AM

6 min. read

Cryptomining, as illustrated here, is one of the goals of Cetus, a cryptojacking worm.

18,766

people reacted

Cetus: Cryptojacking Worm Targeting Docker Daemons

By Aviv Sasson
August 27, 2020 at 6:00 AM

5 min. read

A conceptual image illustrating research into Kubernetes security.

32,707

people reacted

Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)

By Yuval Avrahami and Ariel Zelivansky
July 27, 2020 at 6:00 AM

7 min. read

36,127

people reacted

Attackers Cryptojacking Docker Images to Mine for Monero

By Ashutosh Chitwadgi and Rahul Rajewar
June 25, 2020 at 3:00 AM

6 min. read

32,414

people reacted

Rootless Containers: The Next Trend in Container Security

By Aviv Sasson
May 26, 2020 at 6:00 AM

6 min. read

22,043

people reacted

COVID-19 Themed Malware Within Cloud Environments

By Nathaniel Quist
May 11, 2020 at 7:54 AM

9 min. read

25,916

people reacted

COVID-19: Cloud Threat Landscape

By Jay Chen
May 4, 2020 at 6:00 AM

6 min. read

29,041

people reacted

Unit 42 CTR: Leaked Code from Docker Registries

By Jay Chen
February 7, 2020 at 6:00 AM

7 min. read

24,880

people reacted

Unit 42 CTR: Sensitive Data Exposed in GitHub

By Nathaniel Quist
February 6, 2020 at 6:00 AM

7 min. read

25,132

people reacted

Unit 42 Cloud Threat Report: Spring 2020

By Unit 42
February 5, 2020 at 3:00 AM

3 min. read

23,457

people reacted

Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed

By Jay Chen
January 29, 2020 at 6:00 AM

10 min. read

34,431

people reacted

What I Learned from Reverse Engineering Windows Containers

By Daniel Prizmant
December 12, 2019 at 6:00 AM

8 min. read

24,214

people reacted

TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks

By Bryan Lee, Brittany Barbehenn and Mike Harbison
December 9, 2019 at 6:00 AM

7 min. read

21,782

people reacted

Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations

By Jay Chen
November 26, 2019 at 6:00 AM

9 min. read

50,734

people reacted

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271

By Yuval Avrahami
November 19, 2019 at 6:00 AM

6 min. read

58,851

people reacted

Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub

By Jay Chen
October 16, 2019 at 6:00 AM

6 min. read

52,145

people reacted

Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)

By Aviv Sasson
September 18, 2019 at 1:06 PM

4 min. read

17,040

people reacted

Gaining Persistency on Vulnerable Lambdas

By Yuval Avrahami
September 2, 2019 at 6:08 AM

10 min. read

20,542

people reacted

Non-Root Containers, Kubernetes CVE-2019-11245 and Why You Should Care

By Ariel Zelivansky
August 28, 2019 at 3:43 AM

6 min. read

50,908

people reacted

Hunting the Public Cloud for Exposed Hosts and Misconfigurations

By Jay Chen
August 12, 2019 at 6:00 AM

11 min. read

67,570

people reacted

Rocke'in the NetFlow

By Nathaniel Quist
August 1, 2019 at 6:00 AM

10 min. read

49,252

people reacted

Cloudy with a Chance of Entropy

By Unit 42
July 24, 2019 at 6:00 AM

2 min. read

38,425

people reacted

Evasion of Security Policies by VPN Clients Poses Great Risk to Network Operators

By Stefan Achleitner and Michael Huo
June 26, 2019 at 9:45 AM

4 min. read

39,050

people reacted

TCP SACK Panics Linux Servers

By Unit 42
June 21, 2019 at 7:30 AM

5 min. read

34,223

people reacted

Misconfigured and Exposed: Container Services

By Nathaniel Quist
June 6, 2019 at 9:00 AM

12 min. read

57,580

people reacted

Making Containers More Isolated: An Overview of Sandboxed Container Technologies

By Jay Chen
June 6, 2019 at 6:00 AM

15 min. read

8,849

people reacted

Breaking Out of rkt – 3 New Unpatched CVEs

By Yuval Avrahami
May 30, 2019 at 8:05 AM

5 min. read

8,220

people reacted

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101

By Ariel Zelivansky
March 28, 2019 at 7:54 AM

5 min. read

29,002

people reacted

Breaking out of Docker via runC – Explaining CVE-2019-5736

By Yuval Avrahami
February 21, 2019 at 6:55 AM

11 min. read

DarkHydrus delivers new Trojan that can use Google Drive for C2 communications

By Robert Falcone and Bryan Lee
January 18, 2019 at 10:40 AM

14 min. read

Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products

By Xingyu Jin and Claud Xiao
January 17, 2019 at 6:00 AM

5 min. read

24,541

people reacted

Unit 42 Cloud Security Trends and Tips

By Unit 42
December 11, 2018 at 6:00 AM

2 min. read

9,134

people reacted

Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)

By Ariel Zelivansky
December 9, 2018 at 7:40 AM

6 min. read

45,818

people reacted

Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

By Claud Xiao, Cong Zheng and Xingyu Jin
September 17, 2018 at 5:00 AM

12 min. read

34,137

people reacted

NexusLogger: A New Cloud-based Keylogger Enters the Market

By Josh Grunzweig
March 15, 2017 at 1:00 PM

6 min. read

Popular Resources

Legal Notices

Account