CVE-2023-2868, a vulnerability in the Barracuda ESG was announced on May 23. On June 15th, a report surfaced, attributing the exploitation of this vulnerability to a threat actor group tracked as UNC4841, which analysts believe is conducting espionage on behalf of the Chinese government. SecurityScorecard’s STRIKE Team consulted its datasets to identify possibly affected organizations.

Netskope Threat Labs is tracking phishing campaigns that are abusing several free cloud services to host their websites and collect user information. These campaigns host their phishing sites in AWS Amplify which is available to free-tier users. Some phishing campaigns also abuse Telegram and Static Forms to collect users’ credentials. These phishing attacks aim to steal banking, webmail, and Microsoft 365 credentials, as well as victims’ card payment details.

Infrastructure as code (IaC) has changed how we deploy and manage our cloud infrastructure. Instead of having to manually configure servers and networks with a large operations team, we can now define our service architecture through code. IaC allows us to automate infrastructure deployment, scale our entire fleet of servers, document a history of changes to our architecture, and test incremental changes to the network.

On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications — dubbed “nOAuth” — could lead to full account takeover. nOAuth is the latest in a large number of vulnerabilities and architectural weaknesses in Microsoft software and systems like Active Directory that can be exploited and put organizations at risk.

XDR and MDR are cybersecurity solutions to enhance an organization's threat identification and response capabilities. While both solutions target the same objective, they employ different approaches. MDR strengthens an organization's internal security team with external expertise, whereas XDR streamlines security architecture through a centralized dashboard and automation of tedious tasks.

Identity theft is common in the US and can happen to anybody. The FTC received 1.1 million reports of identity theft in 2022, which made it the most prevalent type of fraud complaint they received that year. The internet has made identity theft easy, with the FTC reporting that most fraud happened via text, phone, email, websites and social media. Some cases even involved online ads, including pop-up ads.