Security News

Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance reveals. This Help Net Security video highlights how organizations adopt cloud infrastructures to support their remote and hybrid work environments.

65.1% of respondents said they currently have data resident in the public cloud. With public cloud adoption having a compound annual growth rate of nearly 26%, it's surprising that respondents haven't yet hardened data security for these assets.

During AWS re:Inforce, Amazon executives emphasized how important access control is when it comes to cloud security and why IT leaders need to ask who has access to what and why. The executives emphasized the importance of enabling multi-factor authentication and blocking public access, with Kurt Kufeld, vice president of AWS platform, going as far as to say it "Will absolutely save lives."

From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan. In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.

Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance reveals. "In the wake of COVID-19, organizations substantially accelerated their digital transformation initiatives to accommodate a remote workforce." said Hillary Baron, lead author and research analyst at CSA, the world's leading organization in defining standards, certifications, and best practices to help ensure a secure cloud computing environment.

Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service attacks which peaked at 46 million requests per second, making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this June.

Incident response in the cloud is far simpler than on-premises incident response. There is a catch, though: All the tools you need to do IR reside in the platform of your favorite cloud providers and SaaS products, so you need to do some initial setup to be prepared for an incident.

Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. The SANS 2022 Cloud Security Exchange on Thursday 25th August aims to do just that, providing an online forum for cloud providers, end user organisations and consultants to put their heads together and build better defenses for their cloud workloads.

In this Help Net Security video, Christophe Tafani-Dereeper, Cloud Security Researcher and Advocate at DataDog, talks about Stratus Red Team, an open-source project for adversary emulation and validation of threat detection in the cloud. The tool supports common AWS and Kubernetes attack techniques.

As practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. Development teams leverage the benefits of data in the cloud to generate a growing amount of cloud data stores and tools, to keep up with innovation.