Versa Networks launches sovereign SASE, challenging the cloud-only security model. Sovereign SASE allows enterprises and service providers to deploy a SASE platform within their own on-premises or private cloud environments, rather than relying on a shared cloud-based service. Versa’s sovereign SASE runs entirely on customer-controlled infrastructure.
A new type of name confusion attack, called whoAMI, allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within a targeted Amazon Web Services (AWS) account. An AMI is a pre-configured virtual machine template used to launch EC2 instances in AWS. Attackers can exploit this by publishing a malicious AMI with a matching name and a newer timestamp, tricking automated Infrastructure-as-Code (IaC) tools like Terraform into selecting the compromised image instead of the legitimate one.
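The lookup that whoAMI abuses is an `aws_ami` data source that searches by name and takes the most recent match without restricting the publisher. Below is an added example (not code from the research or from Terraform) of a small check that scans Terraform HCL for `aws_ami` data blocks with no `owners` attribute and no `owner-id`/`owner-alias` filter; the sample configuration and the account id in it are constructed for illustration.

```python
import re

# Constructed sample Terraform config (not from any real project). The first
# data block matches on name only with most_recent, so the newest AMI whose name
# matches wins regardless of who published it; the second pins the owner account.
SAMPLE_HCL = """
data "aws_ami" "web" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*"]
  }
}

data "aws_ami" "pinned" {
  most_recent = true
  owners      = ["123456789012"]   # example account id, constructed
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*"]
  }
}
"""

BLOCK_START = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')
OWNERS_ATTR = re.compile(r'^\s*owners\s*=', re.MULTILINE)
OWNER_FILTER = re.compile(r'name\s*=\s*"owner-(id|alias)"')


def _block_body(text, start):
    """Return the brace-delimited block whose opening '{' is at index start."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
    raise ValueError("unbalanced braces in HCL input")


def find_unpinned_ami_lookups(hcl):
    """Names of aws_ami data sources that do not restrict the AMI publisher."""
    findings = []
    for m in BLOCK_START.finditer(hcl):
        body = _block_body(hcl, m.end() - 1)
        # Either a top-level owners list or an owner-id/owner-alias filter
        # limits matches to AMIs from the named accounts.
        if not OWNERS_ATTR.search(body) and not OWNER_FILTER.search(body):
            findings.append(m.group(1))
    return findings


if __name__ == "__main__":
    print("unpinned aws_ami lookups:", find_unpinned_ami_lookups(SAMPLE_HCL))
```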
Palo Alto Networks has introduced Cortex Cloud, integrating its cloud detection and response (CDR) and cloud-native application protection platform (CNAPP) capabilities onto the unified Cortex platform. This solution uses AI and automation to provide real-time cloud security, reducing risks and preventing threats. Unit 42 reports show that 80% of security incidents occur during runtime, highlighting the need for real-time protection.
Researchers have uncovered a critical security vulnerability in abandoned Amazon Web Services (AWS) S3 buckets that could enable attackers to hijack the global software supply chain. Attackers can re-register these abandoned buckets and serve malicious files to applications and tools that look for them, potentially leading to remote code execution and other security compromises. Researchers from security firm watchTowr identified approximately 150 AWS S3 storage buckets once used by various software projects to host sensitive scripts, configuration files, software updates, and other binary artifacts that were automatically downloaded and executed on user machines. Over a two-month period, the buckets received around 8 million HTTPS requests for all sorts of files, with requests coming from IP addresses registered to government agencies from several countries, including the US and the UK, military networks, Fortune 500 companies, payment card networks, industrial product manufacturers, banks and other financial organizations, universities, software vendors, and even cybersecurity companies.
Multiple vulnerabilities have been discovered in VMware Aria Operations and Aria Operations for Logs. These include information disclosure flaws allowing credential exposure, stored cross-site scripting, and privilege escalation issues. An attacker could use these vulnerabilities to gain unauthorized access to sensitive data and escalate privileges, potentially compromising the entire system. Patches are available and should be applied immediately.
Two ransomware groups, tracked as STAC5143 and STAC5777, are actively exploiting Microsoft 365 services and default settings to reach internal enterprise users. These groups are using their own Microsoft 365 tenants to target organizations, underscoring significant security risks. These attacks highlight the need for enhanced security measures on the Microsoft 365 platform to defend against ransomware.
Sweet Security has launched a new Large Language Model (LLM)-powered cloud detection engine, which drastically reduces cloud detection noise to 0.04%. This patent-pending technology enhances their unified detection and response solution, using advanced AI to help security teams navigate complex cloud environments more effectively. The LLM analyzes data to filter out false positives with high precision. This reduces alert fatigue, allowing security teams to focus on genuine threats.
Otelier, a hotel management platform, suffered a significant data breach after attackers compromised its Amazon S3 cloud storage. Millions of guests’ personal information and hotel reservations were stolen. The affected hotel brands include Marriott, Hilton, and Hyatt. The stolen data could include personally identifiable information and reservation details, exposing guests to potential identity theft and fraud.
A new ransomware campaign is exploiting Amazon Web Services’ (AWS) Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt S3 buckets. The attackers use encryption keys unknown to the victims and demand ransoms for the decryption keys. This attack abuses a legitimate AWS feature, creating a very difficult situation for its victims, who cannot recover their data without the decryption key. The ransomware crew has been dubbed ‘Codefinger’.
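Because the attack relies on a supported feature, one control is a bucket policy that denies `s3:PutObject` whenever a request carries the SSE-C algorithm header (the `s3:x-amz-server-side-encryption-customer-algorithm` condition key). Below is an added example (not code from AWS or from the research) of such a policy together with a checker that confirms a given bucket's policy contains that deny; the policy and bucket name are constructed for illustration.

```python
import json

SSEC_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"

# Constructed example bucket policy (not from any real account). The Deny fires
# when the SSE-C algorithm header is present (Null == false), so no object can
# be written under a customer-provided key the account does not hold.
DENY_SSEC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenySSECUploads",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"Null": {SSEC_KEY: "false"}},
    }],
})


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def denies_sse_c_uploads(policy_json, bucket):
    """True if a Deny statement blocks PutObject on the bucket's objects
    whenever an SSE-C algorithm header is present on the request."""
    policy = json.loads(policy_json)
    object_arn = f"arn:aws:s3:::{bucket}/*"
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny":
            continue
        if not any(a in ("s3:PutObject", "s3:*", "*")
                   for a in _as_list(st.get("Action"))):
            continue
        if not any(r in (object_arn, "*") for r in _as_list(st.get("Resource"))):
            continue
        null_cond = st.get("Condition", {}).get("Null", {})
        if str(null_cond.get(SSEC_KEY, "")).lower() == "false":
            return True
    return False


if __name__ == "__main__":
    print("example-bucket blocks SSE-C uploads:",
          denies_sse_c_uploads(DENY_SSEC_POLICY, "example-bucket"))
```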
A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.
The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.
Security flaws in the cloud management platform of Ruijie Networks could allow an attacker to take control of network devices. These vulnerabilities affect both the Reyee platform and Reyee OS network devices, potentially exposing over 50,000 devices to remote attacks. This large number of exposed devices could be used in a large-scale botnet attack. Network appliances are critical infrastructure, and their compromise can cause large-scale damage and disruption.
Immediate patching of the affected devices is strongly recommended to prevent a potentially catastrophic large-scale compromise. Network administrators should ensure their systems are up to date with the latest security patches. Security teams should also look into this in detail to make sure that their infrastructure is not affected.
Cybercriminals are exploiting Cloudflare Pages (pages.dev) and Workers (workers.dev) for phishing and other attacks, leveraging Cloudflare’s trusted reputation to increase the success rate of their campaigns. These platforms are being misused to host phishing pages, malicious web content, and targeted email lists. This highlights the broader risk of attackers abusing legitimate, reputable services for malicious purposes.