Two ransomware groups, tracked as STAC5143 and STAC5777, are actively exploiting Microsoft 365 services and default settings to gain access to internal enterprise users. These groups are using their own Microsoft 365 tenants to target organizations, underscoring significant security risks. These attacks highlight the need for enhanced security measures on the Microsoft 365 platform to defend against ransomware.
Sweet Security has launched a new Large Language Model (LLM)-powered cloud detection engine, which drastically reduces cloud detection noise to 0.04%. This patent-pending technology enhances their unified detection and response solution, using advanced AI to help security teams navigate complex cloud environments more effectively. The LLM analyzes data to filter out false positives with high precision. This reduces alert fatigue, allowing security teams to focus on genuine threats.
Otelier, a hotel management platform, suffered a significant data breach after attackers compromised its Amazon S3 cloud storage. Millions of guests’ personal information and hotel reservations were stolen. The affected hotel brands include Marriott, Hilton, and Hyatt. The stolen data could include personally identifiable information and reservation details, exposing guests to potential identity theft and fraud.
A new ransomware campaign is exploiting Amazon Web Services’ (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt S3 buckets. The attackers use encryption keys unknown to the victims and demand ransoms for the decryption keys. This attack abuses a legitimate AWS feature, creating a very difficult situation for its victims who cannot recover their data without the decryption key. The ransomware crew has been dubbed ‘Codefinger’.
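As an added illustration (not from the original digest or from AWS), the following Python shows how a defender can spot SSE-C write activity in CloudTrail S3 data events and generate a bucket policy that blocks it outright. The sample records are constructed; the `additionalEventData.SSEApplied` value `SSE_C` and the request parameter name used for detection are assumptions of this example, while the `s3:x-amz-server-side-encryption-customer-algorithm` condition key is a real S3 policy condition.

```python
import json
from collections import Counter

# Constructed CloudTrail S3 data-event records for illustration (not captured logs).
# Field layout follows CloudTrail's PutObject/CopyObject records; the SSEApplied
# value "SSE_C" for customer-provided keys is an assumption of this example.
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "eventTime": "2025-01-13T10:01:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
     "requestParameters": {"bucketName": "example-backups", "key": "db/2025-01-13.sql.gz"},
     "additionalEventData": {"SSEApplied": "SSE_KMS"}},
    {"eventName": "CopyObject", "eventTime": "2025-01-13T10:02:11Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/leaked-ci-key"},
     "requestParameters": {"bucketName": "example-backups", "key": "db/2025-01-12.sql.gz",
                           "x-amz-server-side-encryption-customer-algorithm": "AES256"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
    {"eventName": "PutObject", "eventTime": "2025-01-13T10:02:14Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/leaked-ci-key"},
     "requestParameters": {"bucketName": "example-backups", "key": "db/2025-01-11.sql.gz"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
    {"eventName": "GetObject", "eventTime": "2025-01-13T10:03:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
     "requestParameters": {"bucketName": "example-backups", "key": "db/2025-01-13.sql.gz"},
     "additionalEventData": {"SSEApplied": "SSE_KMS"}},
]

# Object writes are the operations that can re-encrypt data under an attacker's key.
WRITE_EVENTS = {"PutObject", "CopyObject"}


def is_sse_c_write(event):
    """True if the record is an object write that applied customer-provided keys."""
    if event.get("eventName") not in WRITE_EVENTS:
        return False
    params = event.get("requestParameters") or {}
    extra = event.get("additionalEventData") or {}
    return (extra.get("SSEApplied") == "SSE_C"
            or "x-amz-server-side-encryption-customer-algorithm" in params)


def find_sse_c_writes(events):
    """Return every SSE-C write in the stream, preserving order."""
    return [e for e in events if is_sse_c_write(e)]


def writes_by_principal(events):
    """Count SSE-C writes per IAM principal; a sudden burst from one ARN is the signal."""
    return Counter(e["userIdentity"]["arn"] for e in find_sse_c_writes(events))


def deny_sse_c_policy(bucket):
    """Bucket policy denying any PutObject that carries an SSE-C algorithm header.
    CopyObject is authorized as s3:PutObject on the destination, so it is covered too.
    Null=false means 'the condition key is present', i.e. SSE-C was requested."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyCustomerProvidedKeyEncryption",
            "Effect": "Deny",
            "Principal": "*",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {
                "Null": {"s3:x-amz-server-side-encryption-customer-algorithm": "false"}
            },
        }],
    }


if __name__ == "__main__":
    for e in find_sse_c_writes(SAMPLE_EVENTS):
        print(f"SSE-C {e['eventName']} by {e['userIdentity']['arn']} "
              f"on {e['requestParameters']['bucketName']}/{e['requestParameters']['key']}")
    print(dict(writes_by_principal(SAMPLE_EVENTS)))
    print(json.dumps(deny_sse_c_policy("example-backups"), indent=2))
```

Alerting on the per-principal counter rather than single events keeps a legitimate, isolated SSE-C upload from paging anyone, while a run of SSE-C copies rewriting existing keys stands out immediately; the deny policy is the preventive control for buckets where no workload legitimately needs customer-provided keys. Object versioning and replication remain the recovery controls, since a denied write cannot be undone by policy after the fact.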
A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.
The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.
Security flaws in the cloud management platform of Ruijie Networks could allow an attacker to take control of network devices. These vulnerabilities affect both the Reyee platform and Reyee OS network devices, potentially exposing over 50,000 devices to remote attacks. This large number of exposed devices could be used in a large-scale botnet attack. Network appliances are critical infrastructure that can cause large-scale damage and disruption if they are compromised.
Immediate patching of the affected devices is strongly recommended to prevent a potentially catastrophic large-scale compromise. Network administrators should ensure their systems are up to date with the latest security patches. Security teams should also look into this in detail to make sure that their infrastructure is not affected.
Cybercriminals are exploiting Cloudflare Pages (.dev) and Workers (.dev) for phishing and other attacks, leveraging Cloudflare’s trusted reputation. These platforms are being misused to host phishing attacks, malicious web pages, and targeted email lists. This highlights the risk of attackers misusing legitimate services for malicious purposes. The attackers are using the trusted reputation of Cloudflare to increase the success rate of their attacks.
This news cluster focuses on the security implications of Microsoft’s shift towards a subscription-based operating model for PCs, exemplified by their Windows 365 Link. This thin client relies on Azure cloud services, raising concerns regarding data security and privacy. The reliance on cloud services centralizes access points which could create a single point of failure vulnerable to large-scale attacks.