A joint advisory issued by cybersecurity agencies of Five Eyes (US, UK, Australia, Canada and New Zealand) warns that Russia-linked APT29 threat actors (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) have switched to targeting cloud services. The APT29 group (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) The alert warns of the changes in recent tactics, techniques, and procedures (TTPs) associated with the nation-state actor. “As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR ..read more

The complexity facing businesses as they make the necessary transition to cloud-native applications and multi-cloud architectures keeps cloud teams firmly on the frontline when it comes to implementing security policies. The constant risks of misconfiguration and malicious attack demand that already overstretched cloud security practitioners have to find a more effective way of keeping pace with the challenge. And one answer is to introduce automation into policy management practices in a phased and seamlessly manageable way. Palo Alto Networks has built a cloud-native application protection p ..read more

Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security. Cybersecurity Insiders notes that, in the past, companies have typically deployed a piecemeal range of minimally connected solutions to meet their cloud security needs. This approach can create security teams with alerts from multiple standalone tools and dashboards. It looks like it might now be consigned to the dustbin of IT history however, as mo ..read more

Google Cloud has patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. “An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster,” the company said in an advisory. “The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial ..read more

In China, clouds are a symbol of luck. See multiple layering of clouds in a blue sky can mean you are in line to receive eternal happiness. If only that was true in the complex world of IT, where multi-cloud compute environments are rapidly becoming the norm. But complicated management processes and visibility gaps can present opportunities to hackers, while the dynamic nature of cloud provisioning can create additional blind spots. The risks are constantly changing, and the resource scalability which is such an asset to IT departments is also a disadvantage when even minor misconfigurations c ..read more

In the natural world, there are ten different kinds of cloud – a rare simplicity in meteorological terms. But in our global business environment, there’s no single defining feature to aid classification. Multi-cloud environments in particular spawn a lot of complexity, and their continuous evolution can also create cyber security blind spots. And because scalability is built in, even a minor misstep can quickly blow up into a major security incident. A one-size- fits- all approach to cloud security is unlikely to work in these hybrid deployments, where every cloud is different and individual t ..read more

Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia’s director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. “We are working very hard on a top-secret cloud initiative,” Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared “near instantan ..read more

Businesses value the availability, scalability, and reliability of the cloud. They recognize that cloud computing can enable data to flow freely to where it needs to be accessed and processed, providing a huge advantage for organizations that operate on a global scale. However, the rise of cloud computing, coupled with the broader movement toward the “internationalization” of data, has led to a corresponding increase in scrutiny of data governance and how to ensure relevant digital sovereignty requirements are met. Read More on Dark Reading The post Considerations for Managing Digital Sovereig ..read more

Oracle now requires multifactor authentication on all instances within its cloud environment, Oracle Cloud Infrastructure. Every new tenancy is created with MFA enabled by default for cloud administrators, Oracle said. The company also “seeded” all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA. Oracle provides a number of tools to give cloud administrators the ability to manage configuration and access control policies to create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private ..read more

For a third of small and medium-sized businesses (SMBs) thinking about migrating their infrastructure to the cloud, security is not a strategic priority, new research has claimed. A new Amazon Web Services report surveying more than 800 C-suite executives, vice presidents, and directors, from global SMBs, discovered ober a third (35%) won’t be prioritizing security in their cloud migration efforts. Why? There are a number of reasons. The biggest one is that the respondents see it as an added cost and not a growth enabler. This way of thinking, AWS argues, is because 41% haven’t delivered any s ..read more