Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

When it comes to data management and disaster recovery, organizations continually seek innovative solutions to streamline operations, enhance efficiency, and bolster resilience. While the standard out of the box tools work for most organizations, some need expanded control and capabilities. In these cases, centralized management is a logical solution that provides administrators with the ability to orchestrate complex IT environments from a single, unified interface.

In the previous article, we discussed high-interaction honeypots and used vcluster to build an intentionally-vulnerable SSH server inside of its own cluster so it couldn’t hurt anything else in the environment when it got owned. Then, we installed Falco on the host and proceeded to attack the SSH server, watching the Falco logs to see the appropriate rule trigger when we read /etc/shadow.

95% of cloud security fails are due to internal slip-ups. One wrong password, one sloppy permission, and your sensitive data are out in the open. Thankfully, AWS gives you tools to fight back. IAM lets you control who does what, down to the finest detail. And IAM PassRole? It prevents sneaky permission grabs that put your data at risk.

The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With the company forced to disconnect over 100 systems, medical claims processing ground to a halt. This disruption, termed by the president and chief executive of the American Hospital Association as “the most serious incident of its kind” in healthcare, brought many medical providers to the brink of closure.

The National Institute of Standards and Technology (NIST) released version 2.0 of the Cybersecurity Framework (CSF) on February 26, 2024. The original version was released in 2014, one year after Executive Order 13636 was signed on February 12, 2013. This executive order was written to improve critical infrastructure cybersecurity, streamline the sharing of threat information, and to drive action towards developing a cybersecurity framework.

The complex geopolitical landscape in Southeast Asia, influenced by People’s republic of China (PRC)’s strategic interests and territorial disputes, faces a prominent offensive threat from Chinese cyber operations. Southeast Asia’s economic and digital growth make it a prime target for cyber threats. In the past 8 months Cyberint has been able to identify a major large-scale campaign.