Security News

The Feds are warning that cybercriminals are bypassing multi-factor authentication and successfully attacking cloud services at various U.S. organizations. "These types of attacks frequently occurred when victim organizations' employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services," the alert outlined.

In light of successful cyberattacks targeting organizations' cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security. The attacks observed by CISA exploit poor cyber hygiene practices within cloud services configurations, and the agency says the activity is not tied to a specific threat actor or the recent SolarWinds attack.

By acquiring HyTrust, Entrust adds a critical management layer for encryption, cryptographic keys, and cloud security policy to its digital security solutions, serving the data protection and compliance needs of organizations accelerating their digital transformations. "HyTrust solutions help enterprises manage, automate and scale security controls across computing environments. Now, customers can turn to Entrust as a single source for high-assurance data protection, identity and compliance solutions that allow enterprises to encrypt data and enforce security policy across virtualized, public and hybrid cloud environments."

In the industry's five-year outlook, hybrid cloud is the only IT model showing positive growth among financial company respondents, and it is expected to increase by 39% in that timeframe. 43% of financial services companies plan to increase their investment in private cloud over the next year, 10% higher than the global average - pinpointing that private cloud adoption is crucial to creating a modern hybrid cloud.

The US Cybersecurity and Infrastructure Security Agency said today that threat actors bypassed multi-factor authentication authentication protocols to compromise cloud service accounts. While threat actors tried gaining access to some of their targets' cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled.

Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services and Microsoft Azure. Best known for the HITRUST CSF, the Texas-based company has worked with healthcare, technology and information security organizations to help organizations safeguard sensitive information and manage information risk.

SEE: 5 programming languages cloud engineers should learn. The programming languages below are selected because they represent the best languages for cloud engineers to know when working within their field to leverage all platforms and maximize compatibility.

American technology company Ubiquiti this week revealed that one of its third-party cloud providers suffered a data breach. "We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user's account," Ubiquiti said in a notification published on Monday.

Developed with Amazon Web Services and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider's unique solution offering. Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others.

By bringing StackRox's powerful Kubernetes-native security capabilities to Red Hat OpenShift, Red Hat will further its vision to deliver a single, holistic platform that enables users to build, deploy and securely run nearly any application across the entirety of the hybrid cloud. Red Hat has long been a leader in security for enterprise open source solutions, beginning with Red Hat Enterprise Linux and continually evolving to set new standards to secure cloud-native environments.