Security News

Researchers have disclosed a new severe Oracle Cloud Infrastructure vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets.

83% of educational organizations confirmed they store sensitive data in the cloud. With educators and students constantly sharing that information, they are more concerned about insider threats than other industries.

Orca Security released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most critical security gaps are found. The report, compiled by the Orca Research Pod, includes key findings from analyzing cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform from January 1st until July 1st 2022.

Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more. Bug hunter Sam Curry claims to have heard from an Uber employee.

In this whitepaper we describe the various CSP security offerings and provide a framework for data protection with a set of strategic selection criteria. In relation to the "Big Three" CSPs-Amazon Web Services, Google Cloud Platform, and Microsoft Azure-we make an attempt to objectively reflect on what their data security services entail, based on discussions with CSPs and the published documentation made publicly available by the CSPs. It also outlines what enterprises should be aware of prior to consuming these services in the context of their belated yet increasing capabilities in the data-centric security space.

Laminar released findings from its 2022 Security Professional Insight Survey conducted at AWS re:Inforce in July 2022 and Black Hat in August 2022. The research revealed gaps in organizations' defenses that security teams will want to proactively address to reduce their risk of data exposure.

Couchbase announced findings from industry research examining the challenges faced by development teams amid the race to the cloud and to execute on digital transformation initiatives. "The modern business depends on the developer and development agility more than ever before. Development teams are not assisting the business, they are leading it to new frontiers through digital transformation. That's why they need to be given the right resources: be it cloud-based infrastructure, CI/CD friendly tooling and the right training. This is what will ensure success in these times of product-led transformation and growth."

Google closed its $5.4 billion Mandiant acquisition today in a move that brings the threat intel and incident response giant under the Google Cloud umbrella. Six months and one shareholder lawsuit later, the two companies' combined services and products help customers shift to a "More proactive approach" to security operations, according to Google Cloud CEO Thomas Kurian.

A Netwrix survey revealed that 47% of educational institutions suffered a cyberattack on their cloud infrastructure within the last 12 months. For 27% of them, incidents in the cloud were associated with unplanned expenses to fix security gaps.

Organizations continue to shift workloads to the cloud at a rapid pace to achieve faster time to market, increased responsiveness, and cost reductions. With the majority of organizations expected to have more than half their workloads in the cloud within the next 12-18 months, it is no surprise that cloud security continues to remain a top concern.