Security News

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files that contain credentials associated with cloud and social media applications. Env files, out of which 7,000 belonged to organizations' cloud services and 1,500 variables are linked to social media accounts.

Cybercriminals are breaking into organizations' cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. Exposed environment files hold keys to hosting cloud environments.

Maybe not surprising then that cloud security often tops the CISO agenda but it's a complex topic to keep on top of. Entirely free of charge, this annual meeting of top security minds is an opportunity for security professionals everywhere to learn from, and network with, experts and peers to build on their existing cloud security knowledge.

Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks.

Traditional cloud security issues often associated with cloud service providers are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. "It's tempting to think that the reason the same issues have remained in the top spots since the report was last issued stems from a lack of progress in securing these features. The larger picture speaks to the importance placed on these vulnerabilities by organizations and the degrees to which they are working to build ever more secure and resilient cloud environments," said Michael Roza, co-chair, Top Threats Working Group.

Black Hat State-sponsored cyber spies and criminals are increasingly using legitimate cloud services to attack their victims, according to Symantec's threat hunters who have spotted three such operations over recent months, plus new data theft and other malware tools in development by these goons. This piece of malware used Microsoft's Graph API to communicate with the attacker's command and control server, hosted on Microsoft OneDrive.

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control communications as a way to avoid having a dedicated infrastructure and evade detection.

Cloud computing certifications can expand your skills and teach you how to navigate major cloud providers like Google Cloud or AWS. Specializations in certain cloud providers can serve as strong foundations for niche careers, while nearly all businesses use some form of cloud service. These courses teach how to perform cloud support in Microsoft Azure solutions and services, and how to adapt technology diagnostic skills specifically to IT and cloud problems.

More organizations rely on cloud platforms to reap the benefits of scalability, flexibility, availability, and reduced costs. However, cloud environments come with security challenges and...