Security News

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware...

Four different Microsoft Azure services have been found vulnerable to server-side request forgery attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft.

Starting now, for just $1, you can get comprehensive agentless and runtime cloud security coverage for all of 2023, covering up to 1,000 eligible assets. Steve Shedlock, Incident Response Team Lead at SEIC, says, "I would not want to do security anywhere without the level of visibility that Uptycs provides."

Over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year, and 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive, according to Netskope. "Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls," said Ray Canzanese, Threat Research Director, Netskope Threat Labs.

One popular use of JSON is the JWT system, which isn't pronounced jer-witt, as it is written, but jot, an English word that is sometimes used to refer the little dot we write above above an i or j, and that refers to a tiny but potentially important detail. Loosely speaking, a JWT is a blob of JavaScript that is used by many cloud services as a service access token.

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.

To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, both moved to expand end-to-end encryption offerings. Google's announcement followed that of Proton, an encrypted cloud storage platform launched in 2013 in Geneva, Switzerland by CEO Andy Yen.

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

While migration to and between all types of cloud services poses security challenges, migration to and between public cloud services presents the greatest security challenge, with potentially dire consequences. According to the Flexera State of the Cloud Report 2022, public cloud adoption continues to accelerate, with half of all study respondents' workloads and data residing in a public cloud.

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. Toubba added in a new update to the original statement that Lastpass' cloud storage was accessed using "Cloud storage access key and dual storage container decryption keys" stolen from its developer environment.