Security News

From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan. In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.

Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance reveals. "In the wake of COVID-19, organizations substantially accelerated their digital transformation initiatives to accommodate a remote workforce." said Hillary Baron, lead author and research analyst at CSA, the world's leading organization in defining standards, certifications, and best practices to help ensure a secure cloud computing environment.

Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service attacks which peaked at 46 million requests per second, making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this June.

Incident response in the cloud is far simpler than on-premises incident response. There is a catch, though: All the tools you need to do IR reside in the platform of your favorite cloud providers and SaaS products, so you need to do some initial setup to be prepared for an incident.

Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. The SANS 2022 Cloud Security Exchange on Thursday 25th August aims to do just that, providing an online forum for cloud providers, end user organisations and consultants to put their heads together and build better defenses for their cloud workloads.

In this Help Net Security video, Christophe Tafani-Dereeper, Cloud Security Researcher and Advocate at DataDog, talks about Stratus Red Team, an open-source project for adversary emulation and validation of threat detection in the cloud. The tool supports common AWS and Kubernetes attack techniques.

As practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. Development teams leverage the benefits of data in the cloud to generate a growing amount of cloud data stores and tools, to keep up with innovation.

60% of IT and security leaders are not confident in their organization's ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute. This Help Net Security video shows how zero trust can increase the security of your digital transformation.

A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications, Oxeye researchers have found. The source of "ParseThru" - as the newly discovered vulnerability has been dubbed - is the use of unsafe URL parsing methods built in the language.

Different cloud providers and private cloud platforms may offer similar capabilities but different ways of implementing security controls, along with disparate management tools. Old Security Tools No Longer Effective in the Cloud Security tools not born in the cloud are ill-equipped to protect applications running in the cloud for many reasons.