Security researchers at Palo Alto Networks have spotted a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables. As part of the large-scale extortion campaign, Palo Alto Networks warned that the attackers targeted 110,000 domains through exposed .env files containing sensitive information, which were stored on unsecured web applications and misconfigured servers. These .env files allow organizations to define configura
compromised (2)
It is difficult to stop supply chain attacks if partner accounts are compromised. What can you do when these attacks are indistinguishable from insider threats? The current rash of financial fraud and supply chain attacks exploit a seemingly unsolvable vulnerability in your security strategy. Attackers exploit the fact that you must communicate with outside partners and vendors to thrive as a company or an institution.
As you interact with partners, the door to exploitation opens, specifically
