Cybersecurity

Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

The misconfigured database, a staggering 198.3 gigabytes in size, contained more than 260,000 records, including customer selfies with unredacted credit cards. Cybersecurity researcher Jeremiah Fowler recently uncovered a misconfigured cloud database that had left a wealth of sensitive data exposed. The affected database contained records attributed to customers of BuyGoods.com, alternatively recognized in the industry as Softwareproject. […]

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable GKE clusters due to admins configuring RBAC bindings making the system:authenticated group overprivileged, which could potentially allow any Google account […]

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Jan 24, 2024NewsroomCloud Security / Kubernetes Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters […]

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

Ransomware

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.

By: Emmanuel Panopio, Christian Jason Geollegue, Julius Keith Estrellado, Christian Alpuerto, Shawn Austin Santos, Emmanuel Roll, Rhio Manaog, Gerald Fernandez, […]

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows “threat actors to terminate antivirus processes and services for the deployment of […]