[Some Interesting] Cloud ‘n Sec news: 04th Mar 22

What’s worth your reading time



Better data handling for Sentinel

What’s better than all your logs in one place? All your logs that have been normalized as required, being into sentinel. This is now possible due to ASIM normalization which is in public preview) built-into Sentinel.

The Advanced Security Information Model (ASIM) is Microsoft Sentinel’s normalization engine. Until now, you had to deploy ASIM from Microsoft Sentinel’s GitHub. Starting today, ASIM is built into Microsoft Sentinel.

Since this is not an in-depth article on ASIM, if you want to learn more, there are multiple use cases and examples to when use Sentinel with this product, you can find some, here.


It’s been a slow week for AWS.



NVIDIA data stolen, claims of it hacking threat actors back

Initial reports of this surfaced last week (circa 24th feb) with general ideas being thrown on twitter and some news outlet:

Nvidia Breach Seen as Ransomware Attack Unconnected to Ukraine — Bloomberg

Didn’t take long for researchers and news to point out how the threat actors faced a hack back from Nvidia.

source: https://twitter.com/S0ufi4n3/status/1497456379665076224?s=20&t=lgklGD_OlXW7Vq_xyoNUXg

Major news outlets reported the happening too:

Nvidia allegedly hacked its hackers, stole its data back | TechSpot

Finally, on the 1st of march, Nvidia confirmed they had Data stolen in a cyberattack, according to bleeping computer:

intruders access to proprietary information data and employee login data.

News of the attack came to light late last week and the actor claiming it, a data extortion group named Lapsus$, started to share details about the incident and the damage they produced.

Lapsus$ also leaked a large document archive (close to 20GB) claiming it was from the 1TB cache they stole from Nvidia.

NVIDIA said that there was no evidence of a ransomware attack but the threat actor stole employee credentials and proprietary information, giving weight to Lapsus$’s claims.

The company said that its team is currently sifting through the information to analyze it and notes that the incident is not expected to disrupt its business or the ability to serve customers.

You can read the full statement and more here.

The story is still developing with the threat actor demanding NVIDIA to release future drivers under “Free and open-source software” (FOSS) licensing.

Sanctions to Russia go beyond the physical

Some technology providers are blocking some Russian content as a response for the country’s decision to invade Ukraine.

Youtube has blocked Russia state-owned channels, read more here.

Netflix went a step ahead and (although mandated by the Russian governemnt) it wont broadcast State-run cotent, plus cancelled 4 russian productions of theirs.

Facebook implemented a few restrictions to Russia too.

Read more here.

Threat Actors

Conti Ransomware group leak

The conflict between Russia and Ukraine has given a few gifts to the cybersecurity community, after Anonymous making an announcement years after being silent — Some indications suggest that multiple leaks against the Conti gang were also motivated by the conflict.

A great summary of leaks can be found in Ars technica, which states:

The unfolding series of leaks started on Sunday when @ContiLeaks, a newly created Twitter account, began posting links to logs of internal chat messages that Conti members had sent among themselves.

Read more details here.

Follow me on twitter: Camillo (@iamcamillo) / Twitter

Learn more about my Cloud and Security Projects:

Web: www.cloudnsec.com

Listen: bit.ly/cloudnsecspotify
Watch: bit.ly/cloudnsecyoutube

Thank you for reading and leave your thoughts/comments!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andre Camillo

Andre Camillo


Cloud and Security technologies, Career, sometimes Music and Gaming easter eggs. Technical Specialist @Microsoft. Opinions are my own.