Security News
Finding out exactly which assets are put at risk through compromised accounts or breached assets requires mapping potential attack paths across a comprehensive map of all the relationships between assets. Today, mapping potential attack paths is performed with scanning tools such as AzureHound or AWSPX. Those are graph-based tools enabling the visualization of assets and resources relationships within the related cloud service provider.
In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment. A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and more critical compute finds its way into these cloud environments, and the security teams start to take notice.
Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC. Michael Taggart, a security researcher, recently demonstrated that the node. "I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any JavaScript you point it to," he explained to The Register.
"Just a few hours of compromise could result in profits for the perpetrators. That's why we're seeing a continuous fight for cloud CPU resources. It's akin to a real-life capture-the-flag, with the victim's cloud infrastructure the battleground," said Stephen Hilt, Senior Threat Researcher at Trend Micro. Threat actors are increasingly scanning for and exploiting these exposed instances, as well as brute-forcing SecureShell credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals.
Autodesk needed scalable and secure cloud security to build new applications and extend internal data centers. Fortinet's Adaptive Cloud Security enabled Autodesk to implement a scalable, secure VPC model that would both satisfy the north-south firewall requirement and facilitate minimal latency for east-west traffic.
Autodesk needed scalable and secure cloud security to build new applications and extend internal data centers. Fortinet's Adaptive Cloud Security enabled Autodesk to implement a scalable, secure VPC model that would both satisfy the north-south firewall requirement and facilitate minimal latency for east-west traffic.
Learn how you can simplify security management, ensure full visibility, and achieve broad protection across your workloads and applications. The post The Key to Optimizing Cloud Security on AWS...
Autodesk needed scalable and secure cloud security to build new applications and extend internal data centers. Fortinet's Adaptive Cloud Security enabled Autodesk to implement a scalable, secure VPC model that would both satisfy the north-south firewall requirement and facilitate minimal latency for east-west traffic.
Microsoft said that it's currently tracking a "Low volume of exploit attempts" targeting the critical Spring4Shell remote code execution vulnerability across its cloud services. The Spring4Shell vulnerability impacts the Spring Framework, described as the "Most widely used lightweight open-source framework for Java.".
It allows businesses to stream Windows 10 or Windows 11 Cloud PCs to end-users under Windows 365 Business or Windows 365 Enterprise subscriptions. Users will be able to quickly switch between their own desktop and the Cloud PC using the Windows Task Switcher once the cloud-based service gets upgraded with a new feature dubbed Windows 365 Switch.