Security News

Over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year, and 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive, according to Netskope. "Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls," said Ray Canzanese, Threat Research Director, Netskope Threat Labs.

One popular use of JSON is the JWT system, which isn't pronounced jer-witt, as it is written, but jot, an English word that is sometimes used to refer the little dot we write above above an i or j, and that refers to a tiny but potentially important detail. Loosely speaking, a JWT is a blob of JavaScript that is used by many cloud services as a service access token.

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.

To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, both moved to expand end-to-end encryption offerings. Google's announcement followed that of Proton, an encrypted cloud storage platform launched in 2013 in Geneva, Switzerland by CEO Andy Yen.

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

While migration to and between all types of cloud services poses security challenges, migration to and between public cloud services presents the greatest security challenge, with potentially dire consequences. According to the Flexera State of the Cloud Report 2022, public cloud adoption continues to accelerate, with half of all study respondents' workloads and data residing in a public cloud.

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. Toubba added in a new update to the original statement that Lastpass' cloud storage was accessed using "Cloud storage access key and dual storage container decryption keys" stolen from its developer environment.

According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability. It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that these have been adapted ad-hoc from an established computing model not built with cloud security in mind.

"Several years ago in cybersecurity, companies realized that the single greatest threat vector was the individual end user. So, the focus shifted from perimeter and end-point security to automatically applying security at the user level," said Jeff Kukowski, CEO of CloudBolt. "I think this new report reveals a similar parallel in cloud security. Macro solutions that don't make cloud security automatic at the individual, cloud-provisioning 'moment of truth' create lots of opportunity for exposure and leave enterprises only 'somewhat, sometimes' secure. I predict 2023 will be the year we see significantly more focus on shoring up these current cloud security shortfalls. It's a very solvable problem when you apply the right approaches," Kukowski continued.

Security benefits of on-premises networks Monitoring and on-site staff mitigate security risks. "On-premises security deals with deploying tools that require all network traffic to be routed via the physical security appliances residing on the network premises, so it can be monitored and analyzed to mitigate security risks," Thangaraj said.