Security News

Signatures should become cloud security history
2024-07-18 03:00

It's becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source image behavior at runtime.

What Is Cloud Penetration Testing & Why Is It Important?
2024-07-15 10:00

In the ever-evolving landscape of cybersecurity, cloud security has emerged as a critical concern for organizations worldwide for a few years now. Cloud security is sometimes misunderstood or underestimated.

Call, text logs for 110M AT&T customers stolen from compromised cloud storage
2024-07-12 14:09

AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big, you haven't seen anything: This latest one includes data on "Nearly all" AT&T wireless customers - and those served by mobile virtual network operators running on AT&T's network. Some customers could be at risk because "a subset" of records contained in that online storage included one or more cell tower identification numbers, allowing snoops to potentially roughly geolocate a customer whose data was stolen in the attack.

Break-in at 'third-party cloud platform' leaked 110M customer records, says AT&T
2024-07-12 14:09

Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big you haven't seen anything: This one...

BlastRADIUS Vulnerability Discovered in RADIUS Protocol Used in Corporate Networks and Cloud
2024-07-11 20:08

A BlastRADIUS attack involves the attacker intercepting network traffic between a client, such as a router, and the RADIUS server. While MD5 is well-known to have weaknesses that allow attackers to generate collisions or reverse the hash, the researchers say that the BlastRADIUS attack "Is more complex than simply applying an old MD5 collision attack" and more advanced in terms of speed and scale.

CloudSorcerer hackers abuse cloud services to steal Russian govt data
2024-07-08 15:11

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. [...]

47% of corporate data stored in the cloud is sensitive
2024-07-05 04:00

As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage...

Enterprises increasingly turn to cloud and AI for database management
2024-06-27 03:00

Across various tasks, from predictive analytics to code generation, organizations in all sectors are exploring how AI can add value and increase efficiency. In this Help Net Security video, Ryan Booz, PostgreSQL Advocate at Redgate, discusses the key findings of Redgate's State of the Database Landscape Report.

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code...

Managing Cloud Security Posture: Continuous Monitoring and Hardening for Visibility and Compliance
2024-06-17 16:00

Cloud adoption is not slowing down, and neither is the cloud threat landscape. Despite delivering many goodies, API endpoints hosted in the cloud can be susceptible to at least 12 security issues.