Security News

Firstly, crooks show up fast: occasionally, it takes them days to find newly-started, insecure cloud instances and break in, but Google wrote that discover-break-and-enter times were "As little as 30 minutes." Importantly, in our research, the cloud instances we used weren't the sort of cloud server that a typical company would set up, given that they were never actually named via DNS, advertised, linked to, or used for any real-world purpose.

While there is a time and place for onboarding additional cloud security solutions, it can also be easy to fall prey to the shiny object syndrome surrounding emerging solutions that are created in response to new security threats. Before rushing to invest in a new solution remember that matching additional solutions to emerging threats in a one-to-one game of whack-a-mole is not a sustainable strategy.

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.

Threat Stack announced new alert context functionality to reduce mean-time-to-know within the Threat Stack Cloud Security Platform. Threat Stack's enhanced alert context provides meaningful data that will help guide security leaders' investigations into high severity alerts in real-time.

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks-and the costs of addressing them-are increasing. The survey of 300 cloud pros found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.

The CloudKnox deal is Microsoft's fourth cybersecurity acquisition over the last 12 months. Last June, Microsoft acquired CyberX to beef up its Azure IOT security capabilities and followed up soon after with a separate deal to buy firmware security security specialist ReFirm Labs.

SecurityWeek will host its 2021 Cloud Security Summit virtual event on Wednesday, July 21, 2021. Through a fully immersive virtual environment, attendees will be able to interact with end users tasked with securing various cloud environments and services, and gain insights from leading solution providers and industry experts.

While there are many different encryption techniques, none are completely secure, and the search continues for new technologies that can counter the rising threats to data privacy and security. In a recent study published in KeAi's International Journal of Intelligent Networks, a team of researchers from India and Yemen describe a novel, two-step cryptography technique - the first to combine genetic technology with mathematical technique.

Register for this upcoming webinar to learn how to reduce risk with integrated endpoint-to-cloud security. Currently, security from endpoints to the cloud involves multiple standalone tools that solve specific problems.

Cloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip. The shift toward the cloud is unstoppable, and inevitably, it's driving soaring demand for skilled security professionals, according to GIAC. Demand for specific cloud security skills is far outpacing the broader demand for cybersecurity skills, according to Burning Glass.