Security News

Is cloud the solution to optimized data privacy?
2022-01-19 06:30

In this interview with Help Net Security, Sophie Stalla-Bourdillon, Senior Privacy Counsel and Legal Engineer at Immuta, talks about data privacy, what organizations can a must do to keep data secure, and explains the technologies that can help optimize data protection processes. According to the Immuta State of Data Engineering Survey, organizations are increasingly adopting multiple cloud technologies to keep up with the scale, speed, and use cases required by modern data teams.

What are the barriers to moving legacy data to the cloud?
2022-01-19 06:00

While 95% of tech leaders worldwide say moving their legacy application data to the cloud is a priority, and 80.5% want to do it within the next 12 months, only 35% of tech leaders currently store more than half their legacy data in the cloud. Given the increased availability of cloud infrastructures over the past decade, these numbers suggest that many organizations continue to have serious concerns about cloud deployments, and are still approaching the issue of cloud migration very cautiously.

Week in review: 2022 cloud security trends, Microsoft fixes wormable RCE
2022-01-16 09:00

Phishers are targeting Office 365 users by exploiting Adobe CloudPhishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. Microsoft fixes wormable RCE in Windows Server and WindowsThe first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server.

7 obstacles that organizations face migrating legacy data to the cloud
2022-01-14 16:58

Moving legacy data and other assets to the cloud is perceived by many organizations as a way to better manage risks, improve efficiency, trim costs and comply with regulatory requirements. As many legacy technologies were designed for on-premises use, migrating them to the cloud can be a challenging process.

Continuous security and compliance for hybrid cloud, the Red Hat way
2022-01-13 18:00

Compliance has become so demanding in cloud deployments that many organizations have moved from manual security checks to procedures based on continuous automated monitoring and compliance, notes Lucy Huh Kerner, Red Hat's Director of Security Global Strategy and Evangelism. Continuous security and compliance are how these issues can be prevented for better security and not merely for "Check-the-box" compliance.

Phishers are targeting Office 365 users by exploiting Adobe Cloud
2022-01-13 14:22

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Adobe Cloud Abused to Steal Office 365, Gmail Credentials
2022-01-13 14:00

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

The rising threat of cyber criminals targeting cloud infrastructure in 2022
2022-01-13 06:30

For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant.

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
2022-01-12 21:04

Cyberattackers are abusing Amazon Web Services and Azure Cloud services to deliver a trio of remote access trojans, researchers warned - all aimed at hoovering up sensitive information from target users. "When the initial script is executed on the victim's machine, it connects to a download server to download the next stage, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance."

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
2022-01-12 20:12

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. "From the use of cloud infrastructure to host malware to the abuse of dynamic DNS for command-and-control activities. Additionally, the layers of obfuscation point to the current state of criminal cyber activities, where it takes lots of analysis to get down to the final payload and intentions of the attack."