Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile

From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North America and Asia, across different segments, led by the technology, financial services, and banking sectors.

Cloud Threats Memo: Russian State-sponsored Threat Actors Increasingly Exploiting Legitimate Cloud Services

State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.

SkopeAI: AI-powered Data Protection that Mimics the Human Brain

In the modern, cloud-first era, traditional data protection technology approaches struggle to keep up. Data is rapidly growing in volume, variety, and velocity. It is becoming more and more unstructured, and therefore, harder to detect, and consequently, to protect.

Mitigating the Latest Microsoft Teams Vulnerability with Netskope

Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

Is Your Multi-cloud Strategy Paying Off? Unlocking the Benefits of Multi-cloud Architectures with Netskope SASE

Should we be using multiple public cloud providers? As organizations continue to migrate applications and workloads to public cloud platforms, they often face the tough decision of sticking with a single provider or embracing multiple clouds. Using multiple cloud providers promises a variety of benefits including the ability to minimize vendor lock-in, leverage best-of-breed services, achieve cost advantages, and comply with data sovereignty rules.

Netskope Threat Coverage: Microsoft Office and Windows Zero Day (CVE-2023-36884)

Microsoft disclosed a zero-day vulnerability impacting Office and Windows on July’s Patch Tuesday. This vulnerability has an “important” severity level, and can allow attackers to perform remote code execution with the same privileges as the target. As of this writing, there is no patch available to mitigate the vulnerability, but Microsoft has provided mitigation steps.

Harnessing the Managed Services Opportunity: Netskope Unveils New Managed Service Provider (MSP) Program

In today’s service economy, enterprise and mid-market organizations alike are increasingly favoring a managed services model for their advanced technology solutions. To address the heightened demand and evolving procurement trends, we are pleased to announce the new Netskope Managed Service Provider (MSP) Program.

Cloud Threats Memo: Another State-Sponsored Actor Exploiting Dropbox

Be the first to receive the Cloud Threats Memo directly in your inbox by subscribing here. Charming Kitten (also known as APT35, TA453, Mint Sandstorm, Yellow Garuda) is a well-known prolific Iranian state-sponsored threat actor, particularly active through complex social engineering campaigns, against European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations since at least 2014.

AWS Amplify Hosted Phishing Campaigns Abusing Telegram, Static Forms

Netskope Threat Labs is tracking phishing campaigns that are abusing several free cloud services to host their websites and collect user information. These campaigns host their phishing sites in AWS Amplify which is available to free-tier users. Some phishing campaigns also abuse Telegram and Static Forms to collect users’ credentials. These phishing attacks aim to steal banking, webmail, and Microsoft 365 credentials, as well as victims’ card payment details.