Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool.
“This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,

from The Hacker News https://ift.tt/7I68qWE
via IFTTT

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month.
The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon.
“These IPs triggered 75 distinct behaviors, including CVE exploits,

from The Hacker News https://ift.tt/gDfB1WV

Zscaler acquires Red Canary for boost in AI-driven security operations

Zscaler announced Tuesday its intention to acquire Red Canary, a company known for Managed Detection and Response (MDR) services, to boost its ability to integrate artificial intelligence, automation and human expertise into its security offerings. 

The acquisition is positioned around the convergence of Zscaler’s data-driven, AI-centric cloud security and Red Canary’s decade of operational expertise in MDR. Zscaler’s executive leadership emphasizes the blending of large-scale data intelligence and automated, agentic Security Operations Centers (SOCs) with the capabilities of ThreatLabz, its security research division.

“The proposed acquisition of Red Canary is a natural expansion of our capabilities into managed detection and response and threat intelligence to accelerate our vision of AI-powered SOC of the future,” Jay Chaudhry, CEO and founder of Zscaler, said in a press release. “By integrating Red Canary with Zscaler, we will deliver to our customers the power of a fully integrated Zero Trust platform and AI-powered security operations.”

Red Canary, with over a decade of experience in MDR and security operations, is known for accelerating threat investigation and automating remediation at scale. Its core value proposition focuses on swift, accurate threat detection, claiming up to a tenfold reduction in investigation time and an accuracy rate of 99.6% across extensive customer deployments.

Zscaler brings scale and data depth to the equation, protecting nearly 45% of Fortune 500 enterprises. Its cloud security platform handles more than 500 billion transactions per day, forming a substantial data lake used to fuel AI-based security products and digital experience tools.

By joining Zscaler, Red Canary anticipates access to a broader array of security data, including that processed on Zscaler’s Zero Trust Exchange and exposure management systems. The integration aims to enhance the speed and accuracy of threat detection, further leveraging cross-domain insights from endpoints, networks, cloud workloads, and identity systems.

“We’re about to gain access to 500 billion daily transactions of data and threat intelligence processed on Zscaler’s Zero Trust Exchange and exposure management data,” Brian Beyer, Red Canary CEO and co-founder, said in a release. “This will significantly enhance our ability to detect threats faster and more accurately. The innovation this will bring is going to be incredible.”

The deal reflects a growing trend in cybersecurity toward consolidation and integration, as enterprises are seeking to centralize their data, automate detection and response, and use AI to offset talent shortages.

Earlier this month, Proofpoint acquired Germany-based Hornetsecurity for $1 billion. In March, Google announced plans to acquire Israeli-founded cloud security startup Wiz for $32 billion, while Palo Alto Networks revealed its intention in April to purchase AI-focused startup Protect AI.

Terms of the deal were not disclosed. The agreement, subject to regulatory approvals, is expected to close in August 2025. 

The post Zscaler acquires Red Canary for boost in AI-driven security operations appeared first on CyberScoop.

from CyberScoop https://ift.tt/rCbP5RY

Mandiant flags fake AI video generators laced with malware

As the internet fills up with clips from AI-video generators, hacking groups are seeding the online landscape with malware-laced programs and fake websites hoping to cash in on the trend.

Tracked by researchers at Mandiant and Google Cloud, the campaign is being carried out by a group identified as “UNC6032.” Since mid-2024, they have spread thousands of advertisements, fake websites and social media posts promising victims access to popular prompt-to-video AI generation tools like Luma AI, Canva Dream Lab and Kling AI.

Fake ads for AI-video generators that lead to phishing lures and deploy malware on victim devices. [Source: Mandiant and Google Cloud]

Those promises lead to phishing pages and malware, with the group deploying infostealers and backdoors on victim devices. Compromised parties saw their login credentials, cookies, credit card data and in some cases Facebook information stolen, and the scheme appears to be impacting a wide range of industries and geographic areas.

“Mandiant Threat Defense has identified thousands of UNC6032-linked ads that have collectively reached millions of users across various social media platforms like Facebook and LinkedIn,” wrote researchers Diana Ion, Rommel Joven and Yash Gupta. “We suspect similar campaigns are active on other platforms as well, as cybercriminals consistently evolve tactics to evade detection and target multiple platforms to increase their chances of success.”

The emergence of highly realistic AI prompt-to-video generation tools over the past several months has generated curiosity, concerns and a significant amount of interest from the public. According to Google Trends, internet searches for AI video generation tools have surged over the past year, and especially since April.

Graph from Google Trends showing the rise in internet searches for “AI video generator” over the past year. [Source: Google Trends]

The technology today is capable of creating startlingly lifelike people and scenes with virtually none of the glitching or visual cues that made previous AI-generated videos easier to spot.

Cybersecurity company Morphisec, which published similar research earlier this month, noted how the proliferation of AI video generators over the past year has lowered the barrier for new entrants, giving even low-technical users the ability to create realistic fake media. The rush to jump on this latest trend, from users who may not be highly technical or familiar with AI tools, represents a new opportunity for cybercriminals and hackers.

“What makes this campaign unique is its exploitation of AI as a social engineering lure — turning an emerging legitimate trend into an infection vector,” wrote Morphisec researcher Shmuel Uzan. “Unlike older malware campaigns disguised as pirated software or game cheats, this operation targets a newer, more trusting audience: creators and small businesses exploring AI for productivity.”

Mandiant researchers gave a shout-out to Meta, which was apparently aware of and investigating UNC6032’s campaign before being notified by Mandiant, and contributed to the research. Using Meta’s ad library, which has enhanced ad targeting information for European users due to regulations, Mandiant’s team found more than 30 different websites that were cited in thousands of fake ads, mostly on Facebook through attacker-created pages or hacked accounts. Nearly all the websites advertised free or high-quality AI-video generation capabilities.

“Once the user provides a prompt to generate a video, regardless of the input, the website will serve one of the static payloads hosted on the same (or related) infrastructure,” the researchers wrote.

Google Cloud has said UNC6032 has a “nexus” to Vietnam. Mandiant and Google Cloud use the term “UNC” to denote unique clusters of hacking activity for which there is only limited available information and telemetry. 

That means UNC6032 may be an offshoot of a previously tracked threat group using different tactics, techniques and procedures or a completely new hacking group, and while the activity has a “nexus” to Vietnam, that does not necessarily imply a state-based connection. 

The post Mandiant flags fake AI video generators laced with malware appeared first on CyberScoop.

from CyberScoop https://ift.tt/lyISF9u

New Russian state-sponsored APT quickly gains global reach, hitting expansive targets

A newly discovered Russian state-sponsored threat group has targeted a large swath of industries, especially in NATO member states and Ukraine, part of a global espionage campaign in support of Moscow’s interests, Microsoft Threat Intelligence said in a Tuesday blog post. 

Laundry Bear, a group Microsoft tracks as Void Blizzard, has attacked multiple governments and critical infrastructure providers since at least 2024. Dutch intelligence and security agencies said Tuesday that the group infiltrated the Netherlands’ national police force’s systems in September 2024 and stole work-related contact details on police staff.

“We have seen this hacker group successfully gain access to sensitive information from a large number of government organizations and companies worldwide,” Peter Reesink, director of the Netherlands’ Ministry of Defense, said in a statement Tuesday, according to a translation. “Laundry Bear is looking for information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.”

The group’s initial access methods lack sophistication, yet the group has gained access to and stolen data from multiple organizations in critical sectors. 

“While Void Blizzard’s tactics, techniques, and procedures are not unique among advanced persistent threat actors or even Russian nation state-sponsored groups, the widespread success of their operations underscores the enduring threat from even unsophisticated TTPs when leveraged by determined actors seeking to collect sensitive information,” Microsoft threat researchers said in the blog post.

Void Blizzard has engaged in espionage targeting government agencies, defense suppliers, and organizations in communications, IT, health care, education, media and transportation since mid-2024, according to Microsoft.

“The threat actor uses stolen credentials — which are likely procured from commodity infostealer ecosystems — and collects a high volume of email and files from compromised organizations,” Microsoft threat researchers said. The group likely obtains cookies and other credentials from criminal ecosystems for password spray attacks, Microsoft added.

Void Blizzard uses these credentials to gain initial access to Exchange and SharePoint Online for intelligence gathering. The group then abuses legitimate cloud APIs to sift through mailboxes and cloud-hosted files prior to automating bulk theft of cloud-hosted data, Microsoft said.

In some cases, the group has accessed Microsoft Teams conversations and messages, and cataloged Microsoft Entra ID configurations to gain information about users, roles, groups, applications and devices belonging to that account. 

Microsoft Threat Intelligence in April identified a Void Blizzard adversary-in-the-middle spear-phishing campaign that targeted more than 20 non-governmental agencies in Europe and the United States. In those attacks, the threat group used a typosquatted domain to spoof Microsoft Entra authentication. 

“This new tactic suggests that Void Blizzard is augmenting their opportunistic but focused access operations with a more targeted approach, increasing the risk for organizations in critical sectors,” Microsoft said.

Microsoft declined to answer questions about how many attacks have been attributed to Void Blizzard to date and how much the group’s threat activity levels have increased in the past year.

Laundry Bear has targeted “virtually all countries” in the European Union and NATO, Dutch intelligence and security agencies said in a cybersecurity advisory, adding that the group has also attacked organizations in Eastern and Central Asia. 

Dutch officials said Laundry Bear operates at a high pace and described the group as “very successful,” compared to some other Russian state-sponsored threat groups.

The post New Russian state-sponsored APT quickly gains global reach, hitting expansive targets appeared first on CyberScoop.

from CyberScoop https://ift.tt/WjQnlMt

Amazon Aurora DSQL is now generally available

Today, we’re announcing the general availability of Amazon Aurora DSQL, the fastest serverless distributed SQL database with virtually unlimited scale, the highest availability, and zero infrastructure management for always available applications. You can remove the operational burden of patching, upgrades, and maintenance downtime and count on an easy-to-use developer experience to create a new database in a few quick steps.

When we introduced the preview of Aurora DSQL at AWS re:Invent 2024, our customers were excited by this innovative solution to simplify complex relational database challenges. In his keynote, Dr. Werner Vogels, CTO of Amazon.com, talked about managing complexity upfront in the design of Aurora DSQL. Unlike most traditional databases, Aurora DSQL is disaggregated into multiple independent components such as a query processor, adjudicator, journal, and crossbar.

These components have high cohesion, communicate through well-specified APIs, and scale independently based on your workloads. This architecture enables multi-Region strong consistency with low latency and globally synchronized time. To learn more about how Aurora DSQL works behind the scenes, watch Dr. Werner Vogels’ keynote and read about an Aurora DSQL story.

The architecture of Amazon Aurora DSQL
Your application can use the fastest distributed SQL reads and writes and scale to meet any workload demand without any database sharding or instance upgrades. Aurora DSQL’s active-active distributed architecture is designed for 99.99 percent availability in a single Region and 99.999 percent availability across multiple Regions. This means your applications can continue to read and write with strong consistency, even in the rare case an application is unable to connect to a Region cluster endpoint.

In a single-Region configuration, Aurora DSQL commits all write transactions to a distributed transaction log and synchronously replicates all committed log data to user storage replicas in three Availability Zones. Cluster storage replicas are distributed across a storage fleet and automatically scale to ensure optimal read performance.

Multi-Region clusters provide the same resilience and connectivity as single-Region clusters while improving availability through two Regional endpoints, one for each peered cluster Region. Both endpoints of a peered cluster present a single logical database and support concurrent read and write operations with strong data consistency. A third Region acts as a log-only witness, which means it has no cluster resource or endpoint. This means you can balance applications and connections for geographic location, performance, or resiliency purposes, making sure readers consistently see the same data.

Aurora DSQL is an ideal choice to support applications using microservices and event-driven architectures, and you can design highly scalable solutions for industries such as banking, ecommerce, travel, and retail. It’s also ideal for multi-tenant software as a service (SaaS) applications and data-driven services like payment processing, gaming platforms, and social media applications that require multi-Region scalability and resilience.

Getting started with Amazon Aurora DSQL
Aurora DSQL provides an easy-to-use experience, starting with a simple console experience. You can use familiar SQL clients to leverage existing skillsets, and integration with other AWS services to simplify database management.

To create an Aurora DSQL cluster, go to the Aurora DSQL console and choose Create cluster. You can choose either Single-Region or Multi-Region configuration options to help you establish the right database infrastructure for your needs.

1. Create a single-Region cluster

To create a single-Region cluster, you only choose Create cluster. That’s all.

In a few minutes, you’ll see your Aurora DSQL cluster created. To connect to your cluster, you can use your favorite SQL client such as the PostgreSQL interactive terminal, DBeaver, or JetBrains DataGrip, or you can take various programmatic approaches using the database endpoint and an authentication token as the password. You can integrate with AWS Secrets Manager for automated token generation and rotation to secure and simplify credential management across your infrastructure.

To get the authentication token, choose Connect and Get Token in your cluster detail page. Copy the endpoint from Endpoint (Host) and the generated authentication token after Connect as admin is chosen in the Authentication token (Password) section.

Then, choose Open in CloudShell, and with a few clicks, you can seamlessly connect to your cluster.

After you connect to the Aurora DSQL cluster, test it by running sample SQL statements. You can also run SQL statements from your applications using your favorite programming languages: Python, Java, JavaScript, C++, Ruby, .NET, Rust, and Go. You can build sample applications using Django, Ruby on Rails, or AWS Lambda to interact with Amazon Aurora DSQL.

2. Create a multi-Region cluster

To create a multi-Region cluster, you need to add the other cluster’s Amazon Resource Name (ARN) to peer the clusters.

To create the first cluster, choose Multi-Region in the console. You will also be required to choose the Witness Region, which receives data written to any peered Region but doesn’t have an endpoint. Choose Create cluster. If you already have a remote Region cluster, you can optionally enter its ARN.

Next, add an existing remote cluster or create your second cluster in another Region by choosing Create cluster.

Now, you can create the second cluster, entering the first cluster’s ARN as the peer cluster ARN.

When the second cluster is created, you must peer the cluster in us-east-1 in order to complete the multi-Region creation.

Go to the first cluster page and choose Peer to confirm cluster peering for both clusters.

Now, your multi-Region cluster is created successfully. You can see details about the peers that are in other Regions in the Peers tab.

To get hands-on experience with Aurora DSQL, you can use this step-by-step workshop. It walks through the architecture, key considerations, and best practices as you build a sample retail rewards point application with active-active resiliency.

You can use the AWS SDKs, AWS Command Line Interface (AWS CLI), and Aurora DSQL APIs to create and manage Aurora DSQL programmatically. To learn more, visit Setting up Aurora DSQL clusters in the Amazon Aurora DSQL User Guide.
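Step 1 above uses an IAM-derived authentication token as the database password. The following added example (not AWS’s own code; in practice the AWS SDKs and AWS CLI generate the token for you) shows what that token is, following the AWS documentation’s description of it as a SigV4 presigned request for the cluster endpoint with Action=DbConnectAdmin (DbConnect for non-admin roles), service name dsql, and the https:// scheme stripped; the host, access keys and timestamp are constructed placeholders. The X-Amz-Expires field is the reason Secrets Manager rotation is cheap here: the token is a signature over a short validity window, not a static secret.

```python
"""Illustrative Aurora DSQL connection-token generator (stdlib only).

Assumption, per the AWS docs: the token is a SigV4 presigned GET for the
cluster endpoint with Action=DbConnectAdmin or DbConnect, service "dsql",
minus the "https://" scheme.  Constructed example, not AWS's own code.
"""
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

SERVICE = "dsql"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # payload hash of a bodyless GET


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def generate_connect_token(host, region, access_key, secret_key, *,
                           admin=True, expires_in=900, now=None,
                           session_token=None):
    """Return a short-lived token usable as the PostgreSQL password.

    `now` is injectable so output is deterministic in tests; production code
    leaves it None.  `expires_in` (seconds) bounds how long a leaked token
    stays usable, so keep it as short as the connection setup allows.
    """
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    scope = f"{date}/{region}/{SERVICE}/aws4_request"

    params = {
        "Action": "DbConnectAdmin" if admin else "DbConnect",
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:  # present when using temporary (STS) credentials
        params["X-Amz-Security-Token"] = session_token

    # SigV4 canonical query string: keys sorted, RFC 3986 encoding on both sides.
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items()))
    canonical_request = "\n".join(
        ["GET", "/", canonical_query, f"host:{host}", "", "host", EMPTY_SHA256])
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])

    # Derive the signing key: "AWS4"+secret -> date -> region -> service -> terminator.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

    # The presigned URL without its scheme is what psql or a driver gets as password.
    return f"{host}/?{canonical_query}&X-Amz-Signature={signature}"
```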

What did we add after the preview?
We used your feedback and suggestions during the preview period to add new capabilities. We’ve highlighted a few of the new features and capabilities:

  • Console experience – We improved your cluster management experience to create and peer multi-Region clusters as well as to connect easily using AWS CloudShell.
  • PostgreSQL features – We added support for views and unique secondary indexes for tables with existing data, and launched Auto-Analyze, which removes the need to manually maintain accurate table statistics. Learn about Aurora DSQL PostgreSQL-compatible features.
  • Integration with AWS services – We integrated various AWS services such as AWS Backup for full snapshot backup and Aurora DSQL cluster restore, AWS PrivateLink for private network connectivity, AWS CloudFormation for managing Aurora DSQL resources, and AWS CloudTrail for logging Aurora DSQL operations.

Aurora DSQL now provides a Model Context Protocol (MCP) server to improve developer productivity by making it easy for your generative AI models and database to interact through natural language. For example, install the Amazon Q Developer CLI and configure the Aurora DSQL MCP server. The Amazon Q Developer CLI then has access to an Aurora DSQL cluster. You can easily explore the schema of your database, understand the structure of the tables, and even execute complex SQL queries, all without having to write any additional integration code.

Now available
Amazon Aurora DSQL is available today in the AWS US East (N. Virginia), US East (Ohio), US West (Oregon) Regions for single- and multi-Region clusters (two peers and one witness Region), Asia Pacific (Osaka) and Asia Pacific (Tokyo) for single-Region clusters, and Europe (Ireland), Europe (London), and Europe (Paris) for single-Region clusters.

You’re billed on a monthly basis using a single normalized billing unit called the Distributed Processing Unit (DPU) for all request-based activity such as reads and writes. Storage is based on the total size of your database and measured in GB-months. You are only charged for one logical copy of your data per single-Region cluster or multi-Region peered cluster. As part of the AWS Free Tier, your first 100,000 DPUs and 1 GB-month of storage each month are free. To learn more, visit Amazon Aurora DSQL Pricing.

Give Aurora DSQL a try for free in the Aurora DSQL console. For more information, visit the Aurora DSQL User Guide and send feedback to AWS re:Post for Aurora DSQL or through your usual AWS support contacts.

Channy

from AWS News Blog https://ift.tt/ri3zEpy

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.”
Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,

from The Hacker News https://ift.tt/gvix3kX

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds.
That population is already overwhelming the enterprise: many companies

from The Hacker News https://ift.tt/b8k7th1