Security News

Google's Cybersecurity Action Team has released its first "Threat horizon" report on the scary things it's found on the internet. The Team's first report offers six nuggets of intelligence, and The Register believes none will surprise readers.

Given that the speed with which organizations typically manage vulnerabilities is typically measured in days or months, "That fact that attackers could find and compromise our honeypots in minutes was shocking," Unit 42 principal cloud security researcher Jay Chen wrote in the post. The study clearly shows how quickly these common misconfigurations can lead to data breaches or attackers' taking down an entire network-given that "Most of these internet-facing services are connected to some other cloud workloads," Chen wrote.

Based on a survey of 150 security professionals, the research examined the challenges and current maturity level of digital forensics and incident response of cyber-attacks on cloud environments. It found that organizations are approximately 4x more likely to say both their cloud DFIR capabilities are less mature and cloud investigations are harder to conduct relative to traditional environments.

In this Help Net Security interview, Bill Tolson, VP of Global Compliance and eDiscovery at Archive360, talks about the importance of cloud compliance and what companies can do meet the requirements when shifitng to the cloud. What industries are more at risk of cloud compliance issues and why?

Cybercriminals are targeting Alibaba Elastic Computing Service instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted.

A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate.Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.

The survey revealed that as data becomes more complex, and data rules and regulations expand and evolve, new challenges such as data privacy, security, and quality have emerged that threaten to hinder data initiatives. Further, the survey revealed that sensitive data use is on the rise, and the tasks associated with managing sensitive data - data cataloging, data discovery, and access control - are the most challenging.

Similar to last year's results, cloud adoption has continued to grow, but cost and regulatory requirements are two major challenges cited by respondents. Given the events of the COVID-19 pandemic, one might have expected a bigger spike in cloud adoption to support remote and hybrid work environments.

Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.

The Microsoft Detection and Response Team says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. These attacks often use the same password while switching from one account to another to find easy to breach accounts and avoid triggering defenses like password lockout and malicious IP blocking.