336K Prometheus Instances Exposed to DoS, ‘Repojacking’

December 12, 2024 at 05:19PM Researchers found over 296,000 exposed Prometheus servers and exporters on the web, revealing sensitive data like plaintext passwords and enabling potential denial of service attacks. Vulnerabilities also posed risks for repojacking attacks, where attackers exploit deleted usernames to execute malicious code. Users are urged to secure their installations.

Protect your clouds

December 6, 2024 at 04:18AM The 2024 IBM Cost of the Data Breach Report reveals that 40% of data breaches from March 2023 to February 2024 involved data stored in multiple environments, including the cloud. SANS offers best practices to help safeguard your cloud infrastructure effectively.

4 Main API Security Risks Organizations Need to Address

November 4, 2024 at 08:29AM API security vulnerabilities have significantly increased, with a 21% rise in flaws reported. Key issues include misconfigured APIs, poor design, inadequate security testing, and lack of visibility. Organizations must implement strict authorization checks, consistent testing, and governance frameworks to mitigate risks and protect against breaches and attacks.

AWS Cloud Development Kit flaw exposed accounts to full takeover

October 24, 2024 at 06:42PM Amazon Web Services resolved a critical vulnerability in its Cloud Development Kit (CDK), which allowed potential account hijacking through predictable S3 bucket names. Discovered by Aqua, the flaw affected about 1% of users. AWS has implemented changes in version v2.149.0 to enhance security, requiring user action for older versions.

Critical default credential bug in Kubernetes Image Builder allows SSH root access

October 16, 2024 at 06:02PM A critical bug in Kubernetes Image Builder (CVE-2024-9486) allows unauthorized SSH access to VMs due to default credentials. It poses the highest risk to Proxmox provider images, earning a CVSS of 9.8. Users should upgrade to Image Builder v0.1.38 or later to mitigate this vulnerability.

Top Travel Sites Have Some First-Class Security Issues to Clean Up

August 29, 2024 at 03:45PM Top travel and hospitality companies face serious security vulnerabilities, exposing customers to potential risks. An investigation by security vendor Cequence revealed significant flaws in major booking sites including Orbitz, Kayak, Skyscanner, and Travelocity, with 91% containing the most serious vulnerabilities and potential for man-in-the-middle attacks. Cloud infrastructure issues and PCI …

Google says it’s focusing on privacy with Gemini AI on Android

August 14, 2024 at 11:28AM Google is implementing privacy-focused AI features on Android devices, using end-to-end protection to secure data in transit and keeping sensitive data locally on the device. Gemini, a new AI assistant, helps with various tasks and operates on-device or in the cloud based on complexity and privacy requirements. These measures aim …

Google: Gemini AI for Android processes sensitive data locally

August 13, 2024 at 04:52PM Google’s new AI assistant, Gemini, prioritizes privacy by using end-to-end protection for data in transit and keeping sensitive data on the device. It can handle tasks both on-device and in the cloud, ensuring privacy and data security. Google emphasizes user control and privacy technologies, with a detailed white paper forthcoming. …

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

July 22, 2024 at 08:55AM FLUXROOT, a financially motivated threat actor, abused Google Cloud serverless projects to conduct phishing attacks, targeting Latin America. This highlights the trend of threat actors exploiting cloud computing for malicious purposes. Google has taken measures to mitigate such activities, emphasizing the challenges in detecting and countering threats facilitated by cloud …

Are Your SaaS Backups as Secure as Your Production Data?

May 23, 2024 at 07:36AM Conversations around data security focus on protecting on-premises or cloud-stored data, reliable data backup and restoration strategies, and the potential cost of data loss. The increasing use of SaaS applications raises concerns about data backup responsibilities and the lack of control over SaaS data, highlighting the need for secure and …