Insights

Another Cloud Risk

Cloud services provide many benefits. But they also provide some risks. This Insight looks at a risk that is not well known.

 

A Hidden Cloud risk


Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators. 

Another risk of low-code/no-code


ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

Home and small office routers have been a cybercriminal target for years. But the shift to work from home during the pandemic increased their value as people used them to connect to work systems. 

 

Home and Small Office Routers at risk


New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.  

Microsoft privilege escalation vulnerability


CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

This is another privilege escalation vulnerability, that if exploited would allow a user to escalate their privileges and take over the cluster host.

 

Privilege Escalation Vulnerability


Cyber Insurance is Changing Radically – Are You Prepared?

Insurers are making significant changes to cyber policies from the application process to the claims process. Understanding what is expected can help you prepare. 

 

Cyber insurers making big changes


24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far

In a sad statement about the times, over 24 billion username and password combinations are currently listed on the Dark Web. Since there are about 6 billion people on the planet, that equates to 4 sets for each person.

 

Username and Password still a significant risk


Thousands Arrested in Global Raids on Social-Engineering Scammers

Interpol coordinated with police forces in 76 countries to take down 1770 locations and call centers perpetrating scams. 

Interpol collaboration closes over 1700 scamming call centers


Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys

For now this is only being used for cryptojacking, using other people’s computing power to mine for cryptocurrency. While certainly not the most harmful of cybercrime, the method used to gain access and spread is new and may be used for other purposes in the future. 

 

New method used to create cryptojacking botnet


EU & US Unite to Fight Ransomware

A positive step in the fight against ransomware is the recently announced collaboration between the USA Department of Justice and the EU based Eurojust. The two groups are working on legal and law enforcement focused approaches. 

 

Joint EU and USA effort to stop scammers