Security News

A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns regarding to protecting sensitive data from cybercriminals. Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with 51% of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud.

Few understand their attack surface, says Trend Micro. Survey results from Trend Micro indicate that, when it comes to organizations understanding their attack surfaces, most don't.

These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor. "It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference."Adversaries, a lot of their intrusions, are using cloud services of different types.

According to the survey, Kubernetes and cloud native technologies unlock innovation for organizations and allow them to achieve their goals. The benefits of cloud native technologies vary, depending on their usage and the maturity of the organizations using them, with elasticity and agility, resource optimisation and reduced service costs identified as the top benefits, and security the most important consideration.

In 2021, Dell, Intel, and VMware commissioned a custom study from Forrester Consulting to understand today's IT and business requirements for infrastructure, data storage, and application performance. We found that, though many businesses prefer to keep their infrastructure and data on-premises, they are adopting infrastructure-as-a-service to proactively optimize their deployment strategy across a hybrid of public cloud and private cloud infrastructure for IT and business gains.

Cloud security company Lacework has laid off 20 percent of its employees, just months after two record-breaking funding rounds pushed its valuation to $8.3 billion. A spokesperson wouldn't confirm the total number of employees affected, though told The Register that the "Widely speculated number on Twitter is a significant overestimate."

Regardless of how centralized or distributed, the weak link appears when private keys or other MPC components must be computationally executed on a CPU. The point of the encryption protocols is that the algorithm is public, and the security relies only on the keys. If an attacker infiltrates multiple hosts, and gains access to the required pieces, they can perform the multi-party computation on their own and steal digital assets and funds.

A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression."

CIS offers virtual images hardened in accordance with the CIS Benchmarks, a set of vendor agnostic, internationally recognized secure configuration guidelines. CIS Hardened Images provide users a secure, on-demand, and scalable computing environment.

Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. Cloud data security entails securing data, whether at rest or in motion, on cloud-based infrastructure, applications, etc.