Threat Actors Target AWS EC2 Workloads to Steal Credentials

Credit to Author: Nitesh Surana | Date: Wed, 26 Oct 2022 00:00:00 +0000

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools.


TeamTNT Returns – or Does It?

Credit to Author: Sunil Bharti | Date: Wed, 19 Oct 2022 00:00:00 +0000

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and their routines are reminiscent of those employed by the cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.


Security Risks in Logistics APIs Used by E-Commerce Platforms

Credit to Author: Ryan Flores | Date: Tue, 20 Sep 2022 00:00:00 +0000

Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.


Security Breaks: TeamTNT’s DockerHub Credentials Leak

Credit to Author: Nitesh Surana | Date: Mon, 12 Sep 2022 00:00:00 +0000

One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.


How Malicious Actors Abuse Native Linux Tools in Attacks

Credit to Author: Nitesh Surana | Date: Thu, 08 Sep 2022 00:00:00 +0000

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.


Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Credit to Author: Alfredo Oliveira | Date: Wed, 07 Sep 2022 00:00:00 +0000

We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing cloud resources.


Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

Credit to Author: Trend Micro Research | Date: Wed, 31 Aug 2022 00:00:00 +0000

This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”
