Topic: persistent access
-
Hijacked OAuth Apps: Your Cloud's Secret Backdoor
Cybercriminals exploit internal OAuth applications to create persistent backdoors in corporate cloud systems, bypassing security measures like password resets and multi-factor authentication. Attackers deceive users into approving malicious OAuth apps or compromise admin accounts to create truste...
Read More » -
Chinese Tech Firms Tied to Global Salt Typhoon Hacking Campaigns
Three Chinese tech firms are identified as key enablers of the global Salt Typhoon hacking campaigns, supplying tools and services to Chinese state security and military bodies for cyber espionage against governments, telecoms, and critical infrastructure. The hacking campaigns exploit known and ...
Read More » -
Cisco Warns Hackers Exploited Critical Bug Since 2023
Cisco has disclosed a critical, actively exploited vulnerability in its Catalyst SD-WAN Manager software, which allows attackers to remotely compromise networks and gain full administrative control. The flaw poses a severe threat to critical infrastructure, and a coalition of governments has issu...
Read More » -
Google: Cloud Breaches Driven More by Flaws Than Weak Passwords
Exploiting software vulnerabilities has replaced weak passwords as the primary method for breaching cloud environments, accounting for nearly 45% of intrusions as attackers rapidly weaponize new flaws. The window for exploiting disclosed vulnerabilities has collapsed to mere days, with attackers ...
Read More » -
Ransomware Attackers Wipe Azure Data and Backups After Theft
A new wave of cloud-focused ransomware attacks by group Storm-0501 systematically wipes primary data and backups in Microsoft Azure, leaving organizations with no recovery options. The group exploits native cloud functionalities to exfiltrate large volumes of data without on-premises hardware, ma...
Read More »