Cloud

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

We evaluate AWS EBS Direct APIs for defense and DFIR, and cover security considerations. We also release supporting open source tools.

6 min. read

IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance

  • By Jay Chen
  • November 19, 2020 at 12:00 PM

6 min. read

Information Leakage in AWS Resource-Based Policy APIs

  • By Jay Chen
  • November 17, 2020 at 3:00 AM

6 min. read

Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads

  • By Jay Chen
  • October 8, 2020 at 6:00 AM

15 min. read

Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services

  • By Nathaniel Quist
  • October 7, 2020 at 6:00 AM

7 min. read

Highlights from the Unit 42 Cloud Threat Report, 2H 2020

  • By Unit 42
  • October 6, 2020 at 3:00 AM

3 min. read

Black-T: New Cryptojacking Variant from TeamTnT

  • By Nathaniel Quist
  • October 5, 2020 at 6:00 AM

10 min. read

The Challenge of Persistence in Containers and Serverless

  • By Ariel Zelivansky
  • September 10, 2020 at 6:00 AM

6 min. read

Cetus: Cryptojacking Worm Targeting Docker Daemons

  • By Aviv Sasson
  • August 27, 2020 at 6:00 AM

5 min. read

Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)

  • By Yuval Avrahami and Ariel Zelivansky
  • July 27, 2020 at 6:00 AM

7 min. read

Attackers Cryptojacking Docker Images to Mine for Monero

  • By Ashutosh Chitwadgi and Rahul Rajewar
  • June 25, 2020 at 3:00 AM

6 min. read

Rootless Containers: The Next Trend in Container Security

  • By Aviv Sasson
  • May 26, 2020 at 6:00 AM

6 min. read

COVID-19 Themed Malware Within Cloud Environments

  • By Nathaniel Quist
  • May 11, 2020 at 7:54 AM

9 min. read

COVID-19: Cloud Threat Landscape

  • By Jay Chen
  • May 4, 2020 at 6:00 AM

6 min. read

Unit 42 CTR: Leaked Code from Docker Registries

  • By Jay Chen
  • February 7, 2020 at 6:00 AM

7 min. read

Unit 42 CTR: Sensitive Data Exposed in GitHub

  • By Nathaniel Quist
  • February 6, 2020 at 6:00 AM

7 min. read

Unit 42 Cloud Threat Report: Spring 2020

  • By Unit 42
  • February 5, 2020 at 3:00 AM

3 min. read

Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed

  • By Jay Chen
  • January 29, 2020 at 6:00 AM

10 min. read

What I Learned from Reverse Engineering Windows Containers

  • By Daniel Prizmant
  • December 12, 2019 at 6:00 AM

8 min. read

TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks

  • By Bryan Lee, Brittany Barbehenn and Mike Harbison
  • December 9, 2019 at 6:00 AM

7 min. read

Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations

  • By Jay Chen
  • November 26, 2019 at 6:00 AM

9 min. read

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271

  • By Yuval Avrahami
  • November 19, 2019 at 6:00 AM

6 min. read

Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub

  • By Jay Chen
  • October 16, 2019 at 6:00 AM

6 min. read

Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)

  • By Aviv Sasson
  • September 18, 2019 at 1:06 PM

4 min. read

Gaining Persistency on Vulnerable Lambdas

  • By Yuval Avrahami
  • September 2, 2019 at 6:08 AM

10 min. read

Non-Root Containers, Kubernetes CVE-2019-11245 and Why You Should Care

  • By Ariel Zelivansky
  • August 28, 2019 at 3:43 AM

6 min. read

Hunting the Public Cloud for Exposed Hosts and Misconfigurations

  • By Jay Chen
  • August 12, 2019 at 6:00 AM

11 min. read

Rocke’in the NetFlow

  • By Nathaniel Quist
  • August 1, 2019 at 6:00 AM

10 min. read

Cloudy with a Chance of Entropy

  • By Unit 42
  • July 24, 2019 at 6:00 AM

2 min. read

Evasion of Security Policies by VPN Clients Poses Great Risk to Network Operators

  • By Stefan Achleitner and Michael Huo
  • June 26, 2019 at 9:45 AM

4 min. read

TCP SACK Panics Linux Servers

  • By Unit 42
  • June 21, 2019 at 7:30 AM

5 min. read

Misconfigured and Exposed: Container Services

  • By Nathaniel Quist
  • June 6, 2019 at 9:00 AM

12 min. read

Making Containers More Isolated: An Overview of Sandboxed Container Technologies

  • By Jay Chen
  • June 6, 2019 at 6:00 AM

15 min. read

Breaking Out of rkt – 3 New Unpatched CVEs

  • By Yuval Avrahami
  • May 30, 2019 at 8:05 AM

5 min. read

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101

  • By Ariel Zelivansky
  • March 28, 2019 at 7:54 AM

5 min. read

Breaking out of Docker via runC – Explaining CVE-2019-5736

  • By Yuval Avrahami
  • February 21, 2019 at 6:55 AM

11 min. read

DarkHydrus delivers new Trojan that can use Google Drive for C2 communications

  • By Robert Falcone and Bryan Lee
  • January 18, 2019 at 10:40 AM

14 min. read

Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products

  • By Xingyu Jin and Claud Xiao
  • January 17, 2019 at 6:00 AM

5 min. read

Unit 42 Cloud Security Trends and Tips

  • By Unit 42
  • December 11, 2018 at 6:00 AM

2 min. read

Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)

  • By Ariel Zelivansky
  • December 9, 2018 at 7:40 AM

6 min. read

Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

  • By Claud Xiao, Cong Zheng and Xingyu Jin
  • September 17, 2018 at 5:00 AM

12 min. read

NexusLogger: A New Cloud-based Keylogger Enters the Market

  • By Josh Grunzweig
  • March 15, 2017 at 1:00 PM

6 min. read

© 2021 Palo Alto Networks, Inc. All rights reserved.