Security News

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. "Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware," explains a Western Digital support bulletin.

This apparent success of security teams is particularly interesting given that CISOs on average rated their organization's overall security posture lower than they did over the previous year. 80% of respondents said they believed that their organization's security culture has improved to some degree in the last year.

Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. Earlier this March, Google Mandiant disclosed North Korea-based APT43's use of the hash rental and cloud mining services to obscure the forensic trail and wash the stolen cryptocurrency "Clean."

Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro. As a result, cloud security and the foundational practices of their teams will be absorbed into the SOC to increase efficiencies in the coming years.

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report today, honoring the top 50 Certified CISOs globally.

Infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment - the same explanation it gave when the same thing happened a couple of weeks ago. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's cloud systems.

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report today, honoring the top 50 Certified CISOs globally.

As cloud adoption pervades, one of the bigger security and privacy challenges for cloud service customers is having to relinquish a significant amount of control and ownership of their data and infrastructure to cloud service providers. Every CSP will implement security differently and every cloud model will have varying degrees of security control ownership, which is why it might be difficult for them to meet all security requirements.

Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage, public cloud storage use is on the rise, with 89% of respondents looking to increase or maintain their cloud services. "The media and entertainment industry is a key vertical for cloud storage services, driven by the need for accessibility to large media files among multiple organizations and geographically distributed teams," said Andrew Smith, senior manager of strategy and market intelligence at Wasabi Technologies, and a former IDC analyst.

A new security flaw has been disclosed in the Google Cloud Platform's Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig said.