A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.
Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.
Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.
Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-210 General Access Control Guidance for Cloud Systems.
Security researchers at Intezer Labs detected a new Linux malware dubbed “Doki” and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.
Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader “Zero Trust Security Strategy” to help organizations provide more secure access to corporate resources.
In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.