Security News

Open source software and software supply chain security risks continue to be a primary concern for developers and organizations. According to a 2022 study by electronic design and automation company Synopsys, 84% of open source software codebases contained at least one known vulnerability - a nearly 4% increase from last year - and 48% contained a high-risk vulnerability.

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.

Attackers can exfiltrate company data stored in Google Cloud Platform storage buckets without leaving obvious forensic traces of the malicious activity in GCP's storage access logs, Mitiga researchers have discovered. "In normal usage, files inside storage objects are read multiple times a day as part of day-to-day activity of the organization," Mitiga cloud incident responder Veronica Marinov noted.

Google closed its $5.4 billion Mandiant acquisition today in a move that brings the threat intel and incident response giant under the Google Cloud umbrella. Six months and one shareholder lawsuit later, the two companies' combined services and products help customers shift to a "More proactive approach" to security operations, according to Google Cloud CEO Thomas Kurian.

Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service attacks which peaked at 46 million requests per second, making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this June.

Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform environments, providing security recommendations and threat detection across clouds. Defender for Cloud is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.

Google has announced the public preview of a new Virtual Machine Threat Detection system that can detect cryptocurrency miners and other malware without the need for software agents. A significant problem for developers and enterprises using cloud-based virtual machines is the constant targeting of threat actors who breach servers to install cryptominers.

Threat actors are exploiting improperly-secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. "While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation," Google's Cybersecurity Action Team outlined as part of its recent Threat Horizons report published last week.

Google Cloud and Workday announced a strategic partnership that will enable businesses across the world to further their digital transformations. As a Workday preferred cloud partner across core industries-such as healthcare, financial services, and retail-Google Cloud will help businesses run Workday enterprise applications for finance, HR, and planning in a public cloud environment, with ease-of-management, and low network latency.

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.