Russia-linked APT29 switched to targeting cloud services
Security Curated » Cloud security
by Pierluigi Paganini
1M ago
A joint advisory issued by cybersecurity agencies of Five Eyes (US, UK, Australia, Canada and New Zealand) warns that Russia-linked APT29 threat actors (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) have switched to targeting cloud services. The APT29 group (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) The alert warns of the changes in recent tactics, techniques, and procedures (TTPs) associated with the nation-state actor. “As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR ..read more
Visit website
Harness the power of security automation
Security Curated » Cloud security
by Elizabeth Coles
1M ago
The complexity facing businesses as they make the necessary transition to cloud-native applications and multi-cloud architectures keeps cloud teams firmly on the frontline when it comes to implementing security policies. The constant risks of misconfiguration and malicious attack demand that already overstretched cloud security practitioners have to find a more effective way of keeping pace with the challenge. And one answer is to introduce automation into policy management practices in a phased and seamlessly manageable way. Palo Alto Networks has built a cloud-native application protection p ..read more
Visit website
Enter the era of platform-based cloud security
Security Curated » Cloud security
by Jack Kirkstall
3M ago
Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security. Cybersecurity Insiders notes that, in the past, companies have typically deployed a piecemeal range of minimally connected solutions to meet their cloud security needs. This approach can create security teams with alerts from multiple standalone tools and dashboards. It looks like it might now be consigned to the dustbin of IT history however, as mo ..read more
Visit website
Google Cloud says it has fixed a significant security flaw
Security Curated » Cloud security
by ITCurated
3M ago
Google Cloud has patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. “An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster,” the company said in an advisory. “The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial ..read more
Visit website
Learning the safety language of the cloud
Security Curated » Cloud security
by Elizabeth Coles
4M ago
In China, clouds are a symbol of luck. See multiple layering of clouds in a blue sky can mean you are in line to receive eternal happiness. If only that was true in the complex world of IT, where multi-cloud compute environments are rapidly becoming the norm. But complicated management processes and visibility gaps can present opportunities to hackers, while the dynamic nature of cloud provisioning can create additional blind spots. The risks are constantly changing, and the resource scalability which is such an asset to IT departments is also a disadvantage when even minor misconfigurations c ..read more
Visit website
Read the clouds, reduce the cyber risk
Security Curated » Cloud security
by Elizabeth Coles
4M ago
In the natural world, there are ten different kinds of cloud – a rare simplicity in meteorological terms. But in our global business environment, there’s no single defining feature to aid classification. Multi-cloud environments in particular spawn a lot of complexity, and their continuous evolution can also create cyber security blind spots. And because scalability is built in, even a minor misstep can quickly blow up into a major security incident. A one-size- fits- all approach to cloud security is unlikely to work in these hybrid deployments, where every cloud is different and individual t ..read more
Visit website
Australia building ‘top secret’ cloud to catch up and link with US, UK intel orgs
Security Curated » Cloud security
by Simon Sharwood
4M ago
Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia’s director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. “We are working very hard on a top-secret cloud initiative,” Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared “near instantan ..read more
Visit website
Considerations for Managing Digital Sovereignty: The Executive Perspective
Security Curated » Cloud security
by Marina Kaganovich, AMERS Financial Services Executive Trust Lead, Google Cloud Office of the CISO
5M ago
Businesses value the availability, scalability, and reliability of the cloud. They recognize that cloud computing can enable data to flow freely to where it needs to be accessed and processed, providing a huge advantage for organizations that operate on a global scale. However, the rise of cloud computing, coupled with the broader movement toward the “internationalization” of data, has led to a corresponding increase in scrutiny of data governance and how to ensure relevant digital sovereignty requirements are met. Read More on Dark Reading The post Considerations for Managing Digital Sovereig ..read more
Visit website
Oracle Enables MFA by Default on Oracle Cloud
Security Curated » Cloud security
by Dark Reading Staff, Dark Reading
5M ago
Oracle now requires multifactor authentication on all instances within its cloud environment, Oracle Cloud Infrastructure. Every new tenancy is created with MFA enabled by default for cloud administrators, Oracle said. The company also “seeded” all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA. Oracle provides a number of tools to give cloud administrators the ability to manage configuration and access control policies to create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private ..read more
Visit website
Many SMBs aren’t seeing security as a priority, for some reason
Security Curated » Cloud security
by ITCurated
6M ago
For a third of small and medium-sized businesses (SMBs) thinking about migrating their infrastructure to the cloud, security is not a strategic priority, new research has claimed. A new Amazon Web Services report surveying more than 800 C-suite executives, vice presidents, and directors, from global SMBs, discovered ober a third (35%) won’t be prioritizing security in their cloud migration efforts. Why? There are a number of reasons. The biggest one is that the respondents see it as an added cost and not a growth enabler. This way of thinking, AWS argues, is because 41% haven’t delivered any s ..read more
Visit website

Follow Security Curated » Cloud security on FeedSpot

Continue with Google
Continue with Apple
OR