Security News

28% of companies are using four or more public/private clouds today, but that is expected to more than double in two years to 65%. "As cloud service providers improve their security and data protection offerings, decision-makers increasingly realize they can't protect their firms' data on-premises as well as they can in the cloud. But migrating existing IAM tools and processes to multicloud IaaS, PaaS, and private clouds creates problems that firms must solve" according to the Forrester study. "According to the Forrester study, firms can't just lift-and-shift existing IAM tools from on-premises to the cloud," said Eric Olden, CEO of Strata Identity.

Cloudreach released data highlighting the latest cloud technology trends, underscoring the impact the cloud skills gap is having on businesses. Multi-cloud capabilities, cloud system development, and cloud governance were the top three areas most impacted by the skills gap, according to respondents.

Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. The flaw, tracked as CVE-2022-23121, was exploited by the NCC Group's EDG team members and relied on the open-source service named "Netatalk Service" that was included in My Cloud OS. The vulnerability, which has a CVSS v3 severity score of 9.8, allows remote attackers to execute arbitrary code on the target device, in this case, WD PR4100 NAS, without requiring authentication.

Over the past two years, companies' adoption of public cloud services has surged, but fast-paced change and weaker security controls have led to an increase in data breaches, finds a Laminar report. As companies go digital-first, data security professionals are managing an increasingly complex multi-cloud environment, while struggling with a lack of visibility, inadequate controls, and rising shadow data problem.

Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud. The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.

Cloud security: How your public cloud environment may be vulnerable to data breach. A report released Tuesday by cloud security provider Laminar examines how a lack of visibility, poor controls and shadow data can leave your cloud environment open to security threats.

A Hornetsecurity hybrid cloud adoption survey of 900+ IT professionals primarily based in North America and Europe found that 93% of businesses are adopting a hybrid of cloud and on-premise solutions or migrating fully to the cloud within 5 years. While 29% of respondents said they are using hybrid cloud solutions as a steppingstone to a full cloud environment, 67% of respondents see hybrid as a final destination for their infrastructure due to workloads that must remain on premise.

Orca Security released a research report on public cloud security alert fatigue. "Multiple, disconnected tools continue to plague security teams. Having to sift through hundreds of 'high priority' often meaningless alerts is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages," said Avi Shua, CEO, Orca Security.

Security alerts from multiple cloud vendors are overwhelming IT professionals. What happens when those notifications get out of hand? A report released Tuesday by cloud security provider Orca Security details how a flood of security alerts can easily trigger alert fatigue.

Sensitive mobile app data found unprotected in the cloud. Experienced developers who use the cloud to create mobile apps typically try to harden their apps to protect them against different types of attack.