Security News

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "Dark pattern."

Hack blamed on new Google Authenticator sync feature. Retool is blaming the success of the hack on a new feature in Google Authenticator that allows users to synchronize their 2FA codes with their Google account.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices.

Salesforce announced a rebrand of its Einstein 1 Data Cloud and new capabilities for the Einstein generative AI assistant for CRM at the Dreamforce conference held in San Francisco on Tuesday, Sept. 12. Salesforce's Einstein 1 Data Cloud metadata framework will be integrated within the Einstein 1 Platform.

At its Google Next '23 event this week, Google revealed how - with the use of its PaLM 2 foundational model - it is applying the generative AI Duet AI to security solutions in Google Cloud, including posture management, threat intelligence and detection and network and data security. Integrating Duet AI into Chronicle explicitly addresses security operations workload and tool proliferation, and implicitly the shortage of security operators in SOC teams, Potti explained.

In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. Authentication devicesWhen companies want to start using secure authentication concepts like passwordless or even Smartcards it becomes an additional burden to deliver the authentication devices to their employees.

Cloud Native Application Protection Platforms have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, network security, and secure DevOps.

Danish cloud hosting firms CloudNordic and Azero - both owned by Certiqa Holding - have suffered a ransomware attack that resulted in most customer data being stolen and systems and servers rendered inaccessible. The companies believe the attack happened while they were transfering servers from one data center to another.

Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity. "More identity systems are being used to manage users, and organizations are losing visibility and control over their identities and access policies. So improvements in identity infrastructure intended to drive an improvement in an enterprise's cybersecurity posture have caused the opposite effect leading to complexity overload," said Michael Sampson, principal analyst for Osterman Research.

Json from CRED FILE NAMES file name array to GCLOUD CREDS FILES file name array[+] added netrc, kubeconfig, adc. Db from CRED FILE NAMES file name array[-] removed dload function[+] added commented dload function invocation for posting final results[+] added commented wget command to download and execute https://everlost.