Archive for the ‘Cloud computing’ Category

Does your company need secure enclaves? Five questions to ask your CISO

Some of the biggest barriers to cloud adoption are security concerns: data loss or leakage, and the associated legal and regulatory concerns with storing and processing data off-premises. In the last 18 months, 79% of companies have experienced at least one cloud data breach; even more alarmingly, 43% have reported 10 or more breaches in that time. […]

Leave a Comment

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks

While cloud breaches are going to happen, that doesn’t mean we can’t do anything about them. By better understanding cloud attacks, organizations can better prepare for them. Cloud breaches are inevitable. It’s the reality we live in. The last few years have demonstrated that breaches occur, no matter how much security organizations put in place. […]

Leave a Comment

Alkira Partners With Fortinet to Secure Cloud Networks

Alkira today announced it has integrated its cloud service for connecting multiple networks with firewalls from Fortinet. Announced at the AWS re:Inforce event, the integration makes it possible to automate the configuration and deployment of Fortinet firewalls via the FortiManager platform using a control plane that integrates with the networking services provided by multiple cloud service providers. Ahmed […]

Leave a Comment

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]

Leave a Comment

General Access Control Guidance for cloud system

Role Based Access Control in Cloud Computing: Role Based Access Control Using Policy Specification and Ontology on Clouds

Leave a Comment

The importance of understanding cloud native security risks

In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment. A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and […]

Leave a Comment

General Access Control Guidance for Cloud Systems

Access Control Management in Cloud Environments

Leave a Comment

The rising threat of cyber criminals targeting cloud infrastructure in 2022

The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the coming year. Linux and cloud infrastructure will continue to be a […]

Leave a Comment

Top 10 Facts Every CIO Should Know About Cloud in 2022

With great power comes great responsibility and CIOs (Chief Information Office) of an organization are no different. Technology is always changing, it is a very difficult job to keep up with the changes. CIOs are expected to be aware of and have a detailed understanding of major IT industry trends, new technologies, and IT best […]

Leave a Comment

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported. The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along withMailChimp and Steam […]

Leave a Comment

SECURITY GUIDANCE FOR 5G CLOUD INFRASTRUCTURES

Prevent and Detect Lateral Movement Security and Privacy Preserving for IoT and 5G Networks: Techniques, Challenges, and New Directions  Related articles: The Best & Worst States in America for Online Privacy  Wireless Wars: China’s Dangerous Domination of 5G  👇 Please Follow our LI page… DISC InfoSec #InfoSecTools and #InfoSectraining #InfoSecLatestTitles #InfoSecServices

Leave a Comment

There is no cloud…just someone else’s computer

Practical Cloud Security: A Guide for Secure Design and Deployment MicroMasters® Program in Cloud Computing

Leave a Comment

Human hacking increased as apps and browsers moved completely to the cloud

“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.” Human interaction online has largely moved to […]

Leave a Comment

Supply Chain Emerging as Cloud Security Threat

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes. These were the results of a report from Palo Alto Networks’ security specialist Unit 42, which conducted a red team exercise with a large SaaS provider. […]

Leave a Comment

IBM Report Shows Severity of Cloud Security Challenges

IBM Security Services today published a report detailing a raft of issues pertaining to cloud security, including the fact that there are nearly 30,000 cloud accounts potentially for sale on dark web marketplaces. The report is based on dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and […]

Leave a Comment

Keys to the cloud: Unlocking digital transformation to enhance national security

This, paired with the “anything you can do, I can do better” mantra adopted by today’s nation-state threat actors, has left mission-critical information vulnerable to attack as it undergoes the great cloud migration. These agile threat actors – without any red tape to stand in their way – have already adopted a cloud-centric mindset, oftentimes at […]

Leave a Comment

Operationalize AWS security responsibilities in the cloud

What do AWS Partners with Level 1 Managed Security Service (MSSP) Competency provide? All AWS Level 1 MSSP Competency Partners provide at minimum the ten 24/7 security monitoring, protection, and remediation services as defined in the Level 1 Managed Security Services baseline. Those ten 24/7 services specifically are below. Many of the Level 1 MSSP […]

Leave a Comment

The 3 Rs of visibility for any cloud journey

While Security Orchestration Automation and Response (SOAR) solutions help automate and structure these activities, the activities themselves require telemetry data that provide the breadcrumbs to help scope, identify and potentially remedy the situation. This takes increasing significance in the cloud for a few reasons: The public cloud shared security model may lead to gaps in the telemetry (e.g., lack […]

Leave a Comment

For Hackers, APIs are Low-Hanging Fruit

By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, Geico, Facebook, Peleton and […]

Leave a Comment

US CISA and NSA publish guidance to secure Kubernetes deployments

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. Below is the list of mitigations provided by the US agencies: Scan containers and Pods for vulnerabilities or misconfigurations. Run containers and Pods with the least privileges possible. Use network […]

Leave a Comment