Category: Cloud security

September 18, 2023

Of all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]

September 14, 2023

Lacework and Snowflake announced an expanded partnership that advances the future of cloud infrastructure and further automates cloud security at scale. The extended partnership empowers security teams with direct access to their Lacework cloud security data through Snowflake’s secure data […]

September 13, 2023

Cisco has unveiled Cisco Secure Application (previously Security Insights for Cloud Native Application Observability) on the Cisco Full-Stack Observability Platform, enabling organizations to bring together application and security teams to securely develop and deploy applications. The latest release of Cisco […]

September 12, 2023

Netskope has unveiled that its existing strategic alliance with Deloitte has expanded with the addition of Netskope to the Managed Extended Detection and Response (MXDR) by Deloitte platform. The new Netskope module on MXDR by Deloitte will include advanced cloud […]

August 9, 2023

Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized […]

August 2, 2023

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments “The SSM agent, a legitimate […]

July 27, 2023

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security […]

July 19, 2023

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, […]

July 14, 2023

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that’s focused on Azure and Google Cloud Platform (GCP) services, marking the adversary’s expansion in targeting beyond Amazon Web Services (AWS). The findings come from […]

July 12, 2023

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. “The attack consists of Python code that loads an XMRig Miner directly into memory using […]

July 11, 2023

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. “Cloud environments are still their primary target, but the […]

June 19, 2023

Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. “These attacks likely rely on access to multiple virtual private servers (VPS) […]

May 25, 2023

Google has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments. […]

May 19, 2023

As enterprises move more of their business infrastructure into the cloud, they are grappling with the challenges of managing multiple cloud environments. Security firms are tackling multicloud security through increased visibility, cross-platform implementations, or a combination of the two. On […]

April 28, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure Active Directory (Azure AD) to reveal suspicious behavior as the developer […]

April 25, 2023

Google’s cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language […]

April 21, 2023

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and […]

April 17, 2023

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are […]

April 11, 2023

A “by-design flaw” uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. “It is possible to abuse and leverage Microsoft Storage Accounts by manipulating […]

March 31, 2023

As IT infrastructure becomes more diverse, organizations face the challenge of integrating data management and control, according to Nutanix. The research showed that the majority of IT teams leverage more than one IT infrastructure, a trend that’s expected to intensify […]