Cloud services provide many benefits. But they also provide some risks. This Insight looks at a risk that is not well known.
We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators.
Home and small office routers have been a cybercriminal target for years. But the shift to work from home during the pandemic increased their value as people used them to connect to work systems.
A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.
This is another privilege escalation vulnerability, that if exploited would allow a user to escalate their privileges and take over the cluster host.
Insurers are making significant changes to cyber policies from the application process to the claims process. Understanding what is expected can help you prepare.
In a sad statement about the times, over 24 billion username and password combinations are currently listed on the Dark Web. Since there are about 6 billion people on the planet, that equates to 4 sets for each person.
Interpol coordinated with police forces in 76 countries to take down 1770 locations and call centers perpetrating scams.
Interpol collaboration closes over 1700 scamming call centers
For now this is only being used for cryptojacking, using other people’s computing power to mine for cryptocurrency. While certainly not the most harmful of cybercrime, the method used to gain access and spread is new and may be used for other purposes in the future.
A positive step in the fight against ransomware is the recently announced collaboration between the USA Department of Justice and the EU based Eurojust. The two groups are working on legal and law enforcement focused approaches.