Security researchers at Palo Alto Networks uncovered a large-scale extortion campaign exploiting misconfigured cloud environments. Attackers targeted over 110,000 domains by accessing exposed .env files, which contained sensitive information like AWS IAM keys, SaaS API keys, and database logins. These misconfigurations allowed attackers to infiltrate cloud environments, exfiltrate data, and …
Aqua Security researchers uncovered six critical vulnerabilities in AWS services, leading to risks like remote code execution, data theft, AI model manipulation, and account takeover. AWS promptly patched these vulnerabilities, but the researchers warn that similar flaws might exist in other AWS and open-source services. They advised organizations on general …
The Department of Health and Human Services (HHS) faces significant cloud security vulnerabilities, as highlighted in a recent audit by the Office of Inspector General (OIG). The report reveals weaknesses in a dozen security controls and inadequacies in HHS’ cloud inventory processes. Critical issues include a lack of multifactor authentication …
As cloud usage becomes vital for organizations, it has also become a target for cyberattacks. A recent report by Thales highlights that 47% of corporate data stored in the cloud is sensitive, making cloud security a top priority. SaaS applications, cloud storage, and cloud management infrastructure are the leading attack …
