Security News

Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia's director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. "We are working very hard on a top-secret cloud initiative," Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared "Near instantaneously."

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to...

Nearly all organizations rely on the cloud to store sensitive data and run critical systems. 93% agree that zero-trust segmentation is essential to their cloud security strategy.

A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. This is according to the National Credit Union Administration, which on Friday told The Register it is fire-fighting the situation with the credit unions downed this week by the intrusion.

VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 or port 5480," VMware explains.

Cloud-based security initiatives, such as Secure Access Service Edge and Security Service Edge, comprising Secure Web Gateway, Cloud Access Security Brokers, Data Loss Prevention, and Zero Trust Network Access, effectively push security to wherever the corporate users, devices, and resources are - all via the cloud. For starters, this hybrid security architecture adds up the cost and complexity of managing disparate security solutions, something organizations desperately attempt to overcome with cloud-based converged security stacks.

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration...

In the last year, 47% of all data breaches originated in the cloud, and more than 6 in 10 respondents believe cloud security is lacking and poses a severe risk to their business operations, according to Illumio. 97% believe Zero Trust Segmentation can greatly improve their organization's cloud security strategy because it improves digital trust, ensures business continuity, and bolsters cyber resilience.

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data...

Cloud PCs give you access to Windows AI tools on any device, and Windows 365 now has AI-powered tools to help IT give users the right cloud PC for their needs. Microsoft is adding more AI tools to Windows, including Copilot on Windows 11, and giving developers more tools to create AI features of their own for Windows.