At the Black Hat USA conference in Las Vegas, Naor Haziz, a researcher at Sweet Security, unveiled an attack dubbed ECScape, capable of completely undermining the trust-based security model of Amazon ECS. The vulnerability...
Amazon was forced to urgently withdraw a compromised version of its AI-powered programming assistant, Q, after a malicious instruction was covertly embedded into the system. This rogue directive prompted the assistant to exploit command-line...
Whether you’re a developer, security engineer, or just a curious person, Cloud Snitch is guaranteed to teach you something and take your relationship with your cloud to the next level. Cloud Snitch provides a...
Perhaps the most critical component of an AWS infrastructure is the policy document describing the actions allowed or denied to a resource. IAM can become a messy kitchen as misconfigurations will introduce gaps in...
Cybercriminals have launched a large-scale campaign dubbed OneClik, targeting companies in the energy, oil, and gas sectors. The attack leverages Microsoft’s legitimate ClickOnce technology and a custom-designed backdoor known as RunnerBeacon, allowing threat actors...
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the...
IMDShift AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration process of all workloads to IMDSv2 with extensive capabilities, which implements enhanced security...
Malicious actors exploit vulnerabilities, known for several years, to deploy the Androxgh0st malware and create a botnet aimed at stealing cloud-based credentials. This has been reported by the Federal Bureau of Investigation (FBI) and...
Bloomberg News quoted the content of a research report by analyst Alex Haissl of investment consultancy Redburn, alleging that Amazon may split its cloud services subsidiary AWS in the future. Alex Haissl believes that...
In the early years, the U.S. Department of Defense selected Microsoft as the exclusive partner for its cloud computing platform through a public tender, for which Microsoft won a $10 billion cloud computing contract....
At the AWS Cloud Containers Conference, Docker and Amazon Web Services (AWS) announced the deep integration of Docker Compose, Docker Desktop, and Docker Hub with Amazon ECS container services on AWS Fargate to simplify...
Canonical announced yesterday that it will provide Amazon with an Ubuntu Pro image for Amazon Web Services (AWS). This new image is available through the AWS Marketplace and covers Ubuntu 14.04 LTS, 16.04 LTS,...
There is no doubt that Rust is a good programming language. Previously, the Microsoft Security Response Center’s exploration of the use of Rust has caused a lot of attention. After four consecutive years of...
