Skip to main content

Skyhigh Security Intelligence Digest

The Skyhigh Security Intelligence Digest is an ongoing series that analyzes recent and noteworthy cloud security threats and incidents, cybercriminal actors and campaigns, vulnerabilities, and more.

Another Sizeable Cloud Storage Repository Falls Victim To Ransom Attack

Another Sizeable Cloud Storage Repository Falls Victim To Ransom Attack

Rodman Ramezanian September 30, 2024

Cloud storage repositories have become an increasingly lucrative target for cybercriminals, offering a veritable buffet of sensitive data ripe for exploitation.

Read More
Ticketmaster's Encore: How “ShinyHunters” Hacked the Show

Ticketmaster's Encore: How “ShinyHunters” Hacked the Show

Rodman Ramezanian July 11, 2024

On a clandestine internet forum (another re-emergence of BreachForums), the hacking collective ShinyHunters is currently advertising what they claim to be 1.3 terabytes of Ticketmaster customer data.

Read More
Always Connected, Always Vulnerable: The Downside of Legacy VPN and Firewalls

Always Connected, Always Vulnerable: The Downside of Legacy VPN and Firewalls

Rodman Ramezanian April 29, 2024

The past year has been a constant game of whack-a-mole with VPN vulnerabilities, leaving organizations that use outdated remote access systems wide open to potential cyberattacks.

Read More
Double Trouble: Midnight Blizzard Rattles Microsoft and HPE in Hacking Fiasco

Double Trouble: Midnight Blizzard Rattles Microsoft and HPE in Hacking Fiasco

Rodman Ramezanian February 26, 2024

Recent reports of both Microsoft and Hewlett Packard Enterprise (HPE) being breached via their cloud-based email infrastructures have taken the cybersecurity industry by storm; frankly, for more reasons than one!

Read More
The Return of the Notorious Qakbot Threat Campaign

The Return of the Notorious Qakbot Threat Campaign

RODMAN RAMEZANIAN December 13, 2023

Remember the QakBot cyberthreat (otherwise known as Qbot or Pinkslipbot)? This threat was shut down as part of a coordinated law enforcement effort in August 2023—and it’s making a comeback!

Read More
MGM Resorts cyberattack–from cloud to casino floor

MGM Resorts cyberattack–from cloud to casino floor

RODMAN RAMEZANIAN October 18, 2023

The recent cyber intrusion targeting MGM Resorts International has underscored pressing issues surrounding the safeguarding of sensitive data and the exposed vulnerabilities that modern organizations confront within today’s threat landscape.

Read More
Healthcare Havoc: Data Breach Strikes Dozens of Hospitals and Clinics

Healthcare Havoc: Data Breach Strikes Dozens of Hospitals and Clinics

RODMAN RAMEZANIAN August 16, 2023

HCA Healthcare, a prominent healthcare provider with a widespread presence in Florida and 19 other states, recently fell victim to a severe data breach potentially affecting as many as 11 million people. The unsettling incident came to light when personal patient information surfaced on an online forum.

Read More
Ransomware’s Evolution

Ransomware’s Evolution

RODMAN RAMEZANIAN June 30, 2023

A recent advisory jointly released by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) details the heightened threats posed by the BianLian ransomware and extortion group. With the cybercriminal group active since June 2022, it appears that the more conventional encryption of victim files for ransomware payouts has now been shifted to exfiltration of compromised data for blackmail and extortion purposes.

Read More
Microsoft Azure environments hit by MERCURY attacks

Microsoft Azure environments hit by MERCURY attacks

RODMAN RAMEZANIAN May 25, 2023

According to recent industry research, multiple campaigns and tools being executed by the MERCURY APT group (aka MuddyWater, Static Kitten) – widely considered to be affiliated with Iranian Ministry of Intelligence and Security (MOIS) interests – have been observed launching damaging attacks in Microsoft Azure cloud environments.

Read More
Hickory Dickory Dock: Privacy Issues Plague TikTok Globally

Hickory Dickory Dock: Privacy Issues Plague TikTok Globally

RODMAN RAMEZANIAN April 24, 2023

What started as a means of generating laughs through short video clips during the coronavirus pandemic, TikTok has taken the attention-capturing short-form video format and solidified its place among the most popular social media apps. But just like other foreign-owned apps that go viral, Chinese-owned TikTok continues to face scrutiny over its data collection and privacy practices. This time, however, it’s not only the United States sounding the alarm bell.

Read More
It may only take one attack to get stung by OneNote!

It may only take one attack to get stung by OneNote!

RODMAN RAMEZANIAN March 15, 2023

As organizations continue their rampant surge into the cloud, OneNote presents a useful notetaking and task management bridge between corporate premises, BYOD, and enterprise cloud realms, however, attackers have turned their attention to the app as a viable route for malware distribution.

Read More
Dropped Out of the Box – Dropbox’s Source Code Repositories Leaked

Dropped Out of the Box – Dropbox’s Source Code Repositories Leaked

RODMAN RAMEZANIAN December 16, 2022

The latest inception of phishing attacks is on the horizon. With the pervasiveness of cloud apps and the evolving nature of how they are used, from single-sign-on token integrations, users are being prompted to authorize access in what has become an overlooked attack vector to facilitate data leakage.

Read More
Abuse of file-sharing services aids phishing campaigns, yet again!

Abuse of file-sharing services aids phishing campaigns, yet again!

RODMAN RAMEZANIAN November 17, 2022

Email has been the lifeblood of enterprise communication and collaboration for decades; there’s simply no doubt about it. Email, however, is also still one of the most effective ways to distribute malware or ransomware, responsible for over 90% of malware deliveries and infections.

Read More
Phishing. Credential Theft. Exfiltration. Extortion. The Saga Continues.

Phishing. Credential Theft. Exfiltration. Extortion. The Saga Continues.

RODMAN RAMEZANIAN August 25, 2022

Hot on the heels of numerous high-profile breaches at the hands of cybercrime gangs, Cisco undoubtedly takes no pleasure in confirming a breach of its corporate network in a recent extortion attack from the Yanluowang ransomware group.

Read More
(Ransom)Where are Microsoft 365 users now vulnerable?

(Ransom)Where are Microsoft 365 users now vulnerable?

RODMAN RAMEZANIAN August 3, 2022

A common misconception among enterprises and their users leads the belief that cloud environments are immune to threats of ransomware. However, in a recent discovery made by Proofpoint researchers, malicious actors can instigate ransomware attacks by exploiting Microsoft 365 file version backups – made available thanks to the platform’s native file “auto-save” feature.

Read More
It’s Plane To See – Unsecured Servers Can Put Lives at Stake

It’s Plane To See – Unsecured Servers Can Put Lives at Stake

RODMAN RAMEZANIAN July 6, 2022

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. The AWS S3 buckets containing approximately 3TB of data dating back to 2018 consisted of airport employee records, ID card photos, and personally identifiable information (PII), including names, photos, occupations, and national ID numbers.

Read More
Learnings from Lapsus$ — the Advanced Persistent Teenagers?

Learnings from Lapsus$ — the Advanced Persistent Teenagers?

RODMAN RAMEZANIAN June 9, 2022

The new hot name in ransomware attacks is Lapsus$. If you haven’t heard of them before, you’ve probably heard of some of the companies they attacked, including Nvidia, Samsung, Okta, and Microsoft – just to name a few. For the uninformed, Lapsus$ is a hacking group that focuses on data theft and extortion.

Read More
Not-So-Harmless Chats — MS Teams Used To Distribute Malware

Not-So-Harmless Chats — MS Teams Used To Distribute Malware

RODMAN RAMEZANIAN May 19, 2022

According to reporting from Bleeping Computer, threat actors are ramping up their efforts against Microsoft Teams for malware distribution by planting malicious documents in chat threads, ultimately resulting in victims executing Trojans that hijack their corporate systems.

Read More