Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. “Infrastructure as code has replaced a lot of the need for console access for many organizations, but there are still plenty of instances where the console is still being used, and in some cases, you need to use the AWS console to perform … More → The post Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity appeared first on Help Ne ..read more

Many companies consider AI-powered threats to be the top cloud security threat to their business. Concerningly, less than half are confident in their ability to tackle those threats, according to a recent Aqua Security survey. In this Help Net Security video, Michal Lewy-Harush, Aqua Security’s CIO, discusses the top cloud security threat global businesses. The post Exposing the top cloud security threats appeared first on Help Net Security ..read more

Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in combination with [a] flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account,” CISA’s Cyber Safety Review Board (CSRB) noted in a recently released Review of the … More → The post A “cascade” of errors let Chinese hackers into US government inboxes appeared first on Hel ..read more

Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it at no cost and start receiving high-signal alerts. Where honeypots are good at detecting lateral movement once the initial application has been compromised, Cloud Active Defense brings the deception directly into that initial application. “We … More → The post Cloud Active Defense: Open-source cloud protection appeared f ..read more

In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective. The post The most concerning risks for 2024 and beyond appeared first on Help Net Security ..read more

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures (TTPs) of modern cloud threat actors like LUCR-3 (Scattered Spider). CloudGrappler queries for high-fidelity activities of threat actors in the cloud. This tool can identify and scrutinize individual log events, providing a perspective … More → The post CloudGrappler: Open-source tool detects activ ..read more

Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats. Looking ahead, innovative solutions leveraging AI and automation offer promising avenues to simplify identity management and enhance security in modern work environments. What are the most pressing identity security risks and threats for … More → The post How organizations can navigate ..read more

Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to be part of the Russian Foreign Intelligence Service (SVR), known for breaching several US government agencies after the supply chain compromise of SolarWinds software. Microsoft was victim of the same breach and, more recently, … More → The post APT29 revamps its techniques to breach cloud environments appeared first on Help N ..read more

After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies who do not currently have access to Microsoft Purview Audit Premium (E5/G5/Compliance Mini-Suite). And for those that do have Audit Premium, they will retain the additional capabilities of intelligent insights and extended retention periods, in … More → The post Microsoft begins broadening free cloud logging capabili ..read more

According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to detect and respond to security threats or incidents affecting their cloud infrastructure. Common cloud security mistakes SentinelOne researchers highlighted common cloud security mistakes organizations must avoid if they want to keep their cloud environment safe: … More → The post Common cloud security mistakes and how to avoid them app ..read more