Security News

Amazon Linux 2023: Create and execute cloud-based applications with enhanced security
2023-03-16 08:30

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. Amazon Linux 2023 is provided at no additional charge.

Rushed cloud migrations result in escalating technical debt
2023-03-16 04:00

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue of technical debt, according to SoftwareOne. 38% said the accumulation of this debt is largely because of rushed cloud migrations during the pandemic, with 31% failing to optimize their workloads before commencing the migration process.

Security in the cloud with more automation
2023-03-14 03:45

We're now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services. Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process.

Cloud security, hampered by proliferation of tools, has a “forest for trees” problem
2023-03-10 17:28

Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the 2023 State of Cloud-Native Security Report. In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.

Navigating data classification in the era of extensive cloud adoption
2023-03-09 04:00

Cloud adoption has had significant effects on data classification, minimization, and end-of-life data disposal. Just 55% of organizations can boast a mature data classification model that determines when data has reached EOL-meaning that nearly half fall short when it comes to determining when to dispose of cloud-stored data.

CrowdStrike: Attackers focusing on cloud exploits, data theft
2023-03-07 16:51

Skies are overcast for cloud security With defenders' scanning for malware, data extraction is easier Zero trust key to malware-free insurgency Worldwide growth in hacktivists, nation-state actors and cybercriminals A rogues' gallery of jackals, bears and other adversaries Versatility key to cloud defenders and engineers Skies are overcast for cloud security. Cloud exploitation increased three-fold, with threat actors focused on infiltrating containers and other components of cloud operations, according to Adam Meyers, senior vice president of intelligence at CrowdStrike.

Securing cloud workloads with Wazuh - an open source, SIEM and XDR platform
2023-03-06 15:05

Cloud workload security is a practice that ensures all cloud workloads are adequately monitored and protected. Cloud security solutions assist in protecting against threats targeting cloud infrastructure thereby lowering risk, improving application reliability, and ensuring regulatory compliance.

Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks
2023-03-06 11:51

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.

Google Cloud Platform allows data exfiltration without a (forensic) trace
2023-03-01 14:43

Attackers can exfiltrate company data stored in Google Cloud Platform storage buckets without leaving obvious forensic traces of the malicious activity in GCP's storage access logs, Mitiga researchers have discovered. "In normal usage, files inside storage objects are read multiple times a day as part of day-to-day activity of the organization," Mitiga cloud incident responder Veronica Marinov noted.

SCARLETEEL hackers use advanced cloud skills to steal source code, data
2023-02-28 16:00

An advanced hacking operation dubbed 'SCARLETEEL' targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. While the attackers deployed cryptominers in the compromised cloud environments, the hackers showed advanced expertise in AWS cloud mechanics, which they used to burrow further into the company's cloud infrastructure.