AMD secure VM tech undone by DRAM meddling

December 10, 2024 at 11:10AM Researchers revealed that AMD’s Secure Encrypted Virtualization (SEV) can be compromised using low-cost hardware. Their “BadRAM” attack exploits the SPD chip to bypass memory access restrictions. This vulnerability undermines SEV’s integrity and affects major cloud providers, prompting AMD to prepare an advisory and recommend securing SPD locks on memory modules. … Read more

Nebraska Man pleads guilty to dumb cryptojacking operation

December 5, 2024 at 07:09PM Charles O. Parks III pleaded guilty to running a large-scale cryptojacking operation that defrauded cloud service providers out of $3.5 million to mine nearly $970,000 in cryptocurrency. He used various aliases, abused services, laundered profits, and faces up to 20 years in prison upon sentencing. **Meeting Takeaways: Charles O. Parks … Read more

Vendors Unveil New Cloud Security Products, Features at AWS re:Invent 2024

December 3, 2024 at 09:06AM At AWS re:Invent 2024, new cloud security products were announced including AWS’s incident response service and enhanced threat detection for Amazon GuardDuty using AI. Wiz launched Wiz Defend for real-time threat detection, while Sweet Security introduced a unified platform. Skyhawk Security announced interactive detection capabilities for suspicious activities. ### Meeting … Read more

AWS unveils cloud security IR service for a mere $7K a month

December 2, 2024 at 08:36PM Amazon Web Services (AWS) has launched a new incident response service, combining automation and human intervention, with a starting price of $7,000 per month. The service offers 24/7 support, threat analysis, and centralized tools for managing security incidents, available in 12 global regions. Pricing increases with AWS spending tiers. ### … Read more

Protecting Tomorrow’s World: Shaping the Cyber-Physical Future

November 29, 2024 at 06:21AM The webinar “Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025” examined the integration of digital and physical realms, addressing emerging technologies, security concerns, and strategies for businesses. Key trends impact the evolving threat landscape, emphasizing the need for robust security measures, proactive threat detection, and comprehensive cyber-physical preparedness … Read more

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

November 29, 2024 at 05:33AM Microsoft addressed four security vulnerabilities in its AI and cloud offerings, including a critical privilege escalation flaw (CVE-2024-49035) exploited in the wild. Other flaws include XSS and authentication issues in various products. While most have been mitigated, users are advised to update Dynamics 365 Sales apps for security. ### Meeting … Read more

Apono Enhances Platform Enabling Permission Revocation and Automated Access

November 21, 2024 at 05:36PM Apono has updated its Cloud Access Platform, allowing automatic discovery and revocation of standing access to enhance security across cloud environments. This update supports Just-in-Time, Just-Enough access, reducing vulnerabilities while maintaining operational efficiency. In-person demonstrations will be held at AWS re:Invent from December 2-6. Visit www.apono.io for details. ### Meeting … Read more

Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

November 19, 2024 at 12:40PM Microsoft has announced the preview availability of hotpatching for Windows 365 and Windows 11 Enterprise 24H2 client devices. This feature allows for updates to be applied without requiring a system reboot, enhancing efficiency and performance for users. **Meeting Takeaways:** 1. **Announcement**: Microsoft has announced the preview availability of hotpatching. 2. … Read more

Akamai Reports Third Quarter 2024 Financial Results

November 18, 2024 at 04:55PM Akamai Technologies reported a $1.005 billion revenue for Q3 2024, a 4% increase year-over-year, with strong growth in security and cloud computing solutions. However, GAAP net income fell 64%. An $82 million restructuring charge impacted income metrics. The company remains optimistic about future product traction and performance. ### Meeting Takeaways … Read more

Google Cloud to Assign CVEs to Critical Vulnerabilities 

November 13, 2024 at 01:03PM Google Cloud will begin assigning CVE identifiers to significant cloud vulnerabilities, including those that do not necessitate immediate patching. This move aims to improve transparency and accountability in addressing security issues within its cloud services. **Meeting Takeaways:** 1. **CVE Assignment**: Google Cloud will now assign Common Vulnerabilities and Exposures (CVE) … Read more