Security News

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection. Talos, Cisco's cybersecurity research arm, reports it has detected a new malware campaign that is using public cloud infrastructure to host and deliver variants of three remote access trojans while maintaining enough agility to avoid detection.

Netskope released a research highlighting the continued growth of malware and other malicious payloads delivered by cloud applications. The year-over-year analysis identifies the top trends in cloud attacker activities and cloud data risks from 2021 as compared to 2020, and examines changes in the malware landscape throughout 2021, highlighting that attackers are achieving more success delivering malware payloads to their victims and offering advice for improving security posture in 2022.

Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope. In its "January 2022 Cloud and Threat Report" released Tuesday, Netskope noted that cloud storage apps gained even greater adoption in 2021.

While some may opt for the increasingly popular cloud-as-a-service model, outsourcing their cloud access and resources to a third-party, others are looking to private on-premises cloud solutions to mobilize their teams online. While an on-premises cloud solution might seem like an appealing way to get your team online while retaining full control and maximum security, is it really the best of both worlds? We'll get into that in a moment, but first let's outline what we mean by on-premises cloud and how it differentiates from regular cloud solutions.

There has been a lot of innovation that has sparked a new wave of technologies - from the boom in serverless technologies to the evolution of cloud automation security. These innovations have enabled organizations to improve business agility and reduce costs; but they've also increased the attack surface as demonstrated by a recent IDC report, which highlights that 98% of organizations suffered at least one cloud security breach in the previous 18-months.

The global healthcare cloud infrastructure market size is expected to reach $142 billion by 2028, according to ResearchAndMarkets. The growing trend of healthcare digitalization, rising expenditures, overburdened health systems, rising traffic on the network, growing data siloes, and the emergence of remote working is contributing to the demand for healthcare cloud infrastructure systems and solutions.

Nirmata announced a report that features an analysis of the current cloud native policy management market adoption, including the technologies used and the challenges that organizations face. The survey highlights that nearly 50 percent of users in cloud native environments have adopted some level of policy management solution in their Kubernetes environment.

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw. The move appears odd as The Apache Software Foundation credited Alibaba Cloud's Chen Zhaojunfor identifying and reporting the Log4J flaw in the first place.

With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image. This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.

The credentials were a mixed bag in terms of sources, and it's not clear how these passwords became compromised. He added, "A compromised password goes well beyond the initial compromise as it facilitates password spraying and with the help of AI based analytical tools, the bad actors can start to identify patterns of how a person creates passwords. This is possible as the userID in question is an email address for the majority of the cases."