Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter
submitted by /u/digicat [link] [comments]
I'm running into a wall with our current vulnerability management setup. We've got workloads spread across on-prem, AWS, and Azure, and I'm drowning in CVE alerts that aren't actually exploitable in our environment. Half of the vulnerabilities flagged are on systems behind three layers of security groups with no internet access, but they still get the same priority as internet-facing boxes. What's a good approach to filter by actual risks? submitted by /u/jilelectra [link] [comments]
Hello Everyone, I am new to WAF but have worked on Imperva Cloud WAF. I was going through BIG-IP (F5) documents, and I have a few questions for all the mates: 1) What is the standard best practice on critical websites? (Website directly on blocking mode, or keep it in monitoring mode?) 2) If the website is on monitoring mode (I assume it is not going to block anything), then what if DDoS or any other attacks such as SQL injection or XSS take place? Is there a possibility of APPLICATION COMPROMISE? submitted by...
Welcome to this week's edition of the Cybersecurity Newsletter, where we dissect the latest threats, vulnerabilities, and disruptions shaping the digital landscape. As organizations navigate an increasingly complex threat environment, staying ahead of emerging risks has never been more critical. This week, we're zeroing in on major incidents that underscore the fragility of cloud infrastructure,
Recently discovered this platform called vantagepoint. It's pretty clean and no-nonsense; there are events you can register for, and there is a free event regarding web application security with a wonderful lab. There are 3 certifications at present, 1 each for Mobile AppSec, Web AppSec and the Multi Cloud Security Expert, which is what I am planning to get. What do you guys think? submitted by /u/int_over_flow [link] [comments]
EDR-Redir uses the Bind Filter (minifilter bindflt.sys) and the Windows Cloud Filter API (cldflt.sys) to redirect the Endpoint Detection and Response (EDR)'s working folder to a folder of the attacker's choice. Alternatively, it can make the folder appear corrupt to prevent the EDR's process services from functioning. submitted by /u/Cold-Dinosaur [link] [comments]
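A defender-side check for the technique described in that post, written here as an added example (it is not code from EDR-Redir or from the post's author). Both a bind link and a cloud-filter placeholder leave a reparse point on the affected directory, so the quickest audit is to look for reparse points on, and under, the EDR's own install and data folders, and to record which minifilters are attached. The two folder paths are assumptions; substitute your product's real directories. Run from an elevated PowerShell session, since fltmc needs administrator rights.

```powershell
# Added example, not part of EDR-Redir or the post: audit EDR folders for reparse points,
# the on-disk artefact that bind links (bindflt.sys) and cloud filter placeholders
# (cldflt.sys) leave behind. The paths below are hypothetical stand-ins.
$EdrFolders = @(
    "$env:ProgramFiles\ExampleEDR",   # assumed install directory
    "$env:ProgramData\ExampleEDR"     # assumed data/working directory
)

function Get-ReparseFinding {
    param([string[]] $Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A folder that has "disappeared" or errors on access is itself worth a ticket.
            Write-Warning "Missing or inaccessible: $p"
            continue
        }
        # Include the root itself: a bind link is set on the directory, not on its children.
        $items = @(Get-Item -LiteralPath $p -Force) +
                 @(Get-ChildItem -LiteralPath $p -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue)
        foreach ($i in $items) {
            if (-not ($i.Attributes -band [IO.FileAttributes]::ReparsePoint)) { continue }
            # fsutil prints the raw reparse tag; anything that is not a symlink or junction
            # you created yourself under an EDR path deserves a look.
            $raw = (& fsutil.exe reparsepoint query $i.FullName 2>&1) -join "`n"
            $tag = if ($raw -match 'Reparse Tag Value\s*:\s*(0x[0-9a-fA-F]+)') { $matches[1] } else { 'unknown' }
            [pscustomobject]@{
                Path     = $i.FullName
                LinkType = $i.LinkType
                Target   = ($i.Target -join ';')
                TagValue = $tag
            }
        }
    }
}

# Record which minifilters are loaded. Both drivers ship with Windows and load for
# legitimate features, so their presence alone is not an indicator; a change from
# your baseline, together with a reparse point on the EDR folder, is.
& fltmc.exe filters 2>&1 | Select-String -Pattern '^(bindflt|cldflt)\b'

Get-ReparseFinding -Path $EdrFolders | Format-Table -AutoSize
```

Take a baseline on a known-good host first: a clean EDR directory should produce no rows at all, so any output from Get-ReparseFinding is the finding. This is a detective check only; it does not stop the redirection, and it should run from a scheduled task or your EDR's own scripting channel rather than interactively, so that it is not itself dependent on the folder being inspected.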
I am looking for a CSPM tool which can be used on an ad-hoc basis to assess client cloud native or hybrid environments. I am not looking for a reseller model. Ideally, the vendor would be UK or EU based (for data protection reasons). I have found other tools on the market, but they are either on a consultancy basis and based in the US, or reseller model and based UK/Europe. Any ideas? submitted by /u/CantaloupeVarious950 [link] [comments]
Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign We investigated a campaign waged by financially motivated threat actors operating out of Morocco. We refer to this campaign as Jingle Thief, due to the attackers' modus operandi of conducting gift card fraud during festive seasons. Jingle Thief attackers use phishing and smishing to steal credentials,
submitted by /u/Dizzy_Werewolf_5862 [link] [comments]
Remember when owning software meant you bought a CD, installed it, and it was yours until your computer died? Even if you got a new computer, you could install that same software on the new one. Only "serious" software packages had strict licensing restrictions. These days, most of our tools live in the cloud, guarded
The acquisition is part of DoiT's $250 million investment into AI-driven CloudOps and FinOps DoiT, provider of enterprise-grade FinOps and CloudOps solutions, today announced the acquisition of CloudWize, a multi-cloud security posture and compliance platform. This tech acquisition extends DoiT Cloud Intelligence(TM) beyond cloud financial management to include intelligent security posture,...
Over the past two months, my Outlook account has been receiving phishing emails regarding cloud storage payments, mostly in French and some in English, with the usual warnings such as the account is about to be locked, space is full, loss of data, refused payment, expired payment method, etc.
HP has pulled an HP OneAgent software update for Windows 11 that mistakenly deleted Microsoft certificates required for some organizations to log in to Microsoft Entra ID, effectively disconnecting them from their company's cloud environments.
I have seen a lot lately about shadow IT becoming a prominent issue. We see many customer sites with laptops, desktops and even servers deployed with minimal oversight, especially with access to confidential company data via Active Directory groups and shares. We have been testing tools to discover these types of hidden risks without manual work. There are quite a few software products on the market claiming to do agentless inventory, license, cloud, and asset discovery. Are there any products...
A sophisticated new threat has emerged in the cybersecurity landscape, leveraging the popular communication platform Discord to conduct covert operations. ChaosBot, a Rust-based malware strain, represents an evolution in adversarial tactics by hiding malicious command and control traffic within legitimate cloud service communications. This approach allows attackers to blend seamlessly into normal network traffic, making
The New York Department of Financial Services has clarified rules for financial institutions, highlighting AI oversight and lessons from recent cloud outages.
The nights grow longer and the shadows get bolder with Vampire The Masquerade: Bloodlines 2 on GeForce NOW, launching with GeForce RTX 5080-power. Members can sink their teeth into the action role-playing game from Paradox Interactive as part of nine games coming to the cloud this week, including NINJA GAIDEN 4. Be among the first
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security
AWS RTB Fabric is a fully managed service designed for real-time bidding advertising workloads that enables AdTech companies to connect with their supply and demand partners through a dedicated, high-performance network environment, delivering single-digit millisecond performance and up to 80% lower networking costs compared to standard cloud connections while eliminating the need for colocation infrastructure or upfront commitments.
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. "Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers