Security News

Which is why I'm pleased to announce that the Center for Internet Security has tested its CIS Hardened Images with two popular cloud services: Azure Update Manager and Amazon EC2 Image Builder. Making sure the essentials are covered to help YOU. The CIS Hardened Images are virtual machine images that are pre-hardened to the security recommendations of the CIS Benchmarks.

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome's V8 JavaScript engine and Google Cloud's Kernel-based Virtual Machine. The exploit writers should make their exploitation attempts against a V8 version running on Google infrastructure.

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL...

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an...

One of the core benefits of the cloud is the ability to move fast and innovate rapidly, which means teams may just throw in the towel and grant admin privileges to their entire cloud identities instead of tackling the massive deluge of individual requests for access. Cloud identity management is a real challenge, but organizations are capable of preventing identity risk exposure and identity threats, especially if they avoid the four common pitfalls.

While the cloud has brought benefits such as flexibility, scalability, agility, and cost efficiency to organizations in recent years, there are still unforeseen costs. 52% of IT professionals admitted their organizations have wasted significant IT spend due to inefficiencies with cloud platforms and services.

The second day of announcements at Intel's Innovation event in San Jose, California focused on privacy and security, including confidential AI. Major announcements included an attestation service for Intel Trust Authority and a software toolkit for fully homomorphic encryption. An attestation service will join the Intel Trust Authority, a security assessment platform released in 2022.

At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic. CrowdStrike Falcon covers endpoint security, Extended Detection and Response, cloud security, threat intelligence, identity protection, security/IT Ops and observability.

Public cloud infrastructure brought forth another significant shift, redefining the boundaries between applications and infrastructure. The advent of public cloud platforms, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, has greatly influenced the design, deployment, and management of applications.