Navigating the Complexities & Security Risks of Multicloud Management

October 3, 2024 at 10:02AM Improper cloud security has resulted in costly breaches for organizations such as Toyota and Accenture, highlighting the significant impact of cloud security failures. As multicloud strategies become more prevalent, the complexities of managing multiple cloud environments pose challenges in governance, security, and compatibility, necessitating robust cloud security practices and strategic … Read more

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

October 2, 2024 at 12:15PM CeranaKeeper, a new threat actor, has been conducting data exfiltration attacks in Southeast Asia, targeting countries like Thailand, Myanmar, the Philippines, Japan, and Taiwan. Utilizing backdoors through legitimate cloud and file-sharing services, the group demonstrates a relentless and creative approach, with an extensive custom toolset for massive data siphoning. ESET … Read more

Apono Raises $15.5M Series A Funding for AI-driven, Least Privilege Solution Set

October 1, 2024 at 04:55PM Apono, a privileged access leader for the cloud, has successfully completed its Series A funding round, securing $15.5 million. The funding, led by New Era Capital Partners, will advance Apono’s mission of providing AI-driven, innovative, and secure solutions for managing access in complex cloud environments. The investment reflects strong confidence … Read more

Palo Alto Networks and Deloitte Expand Strategic Alliance Globally

October 1, 2024 at 04:55PM Palo Alto Networks and Deloitte have expanded their strategic alliance into EMEA and JAPAC regions, offering AI-powered cybersecurity solutions globally. This collaboration aims to streamline security operations, enhance platformized security solutions, and harness AI to combat evolving threats. Deloitte will offer Palo Alto Networks security solutions across its network, cloud, … Read more

Cracking the Cloud: The Persistent Threat of Credential-Based Attacks

October 1, 2024 at 08:51AM Summary: Despite the implementation of multi-factor authentication (MFA) to enhance security, credentials remain the primary target for malicious parties entering systems, posing a persistent threat to cloud environments. This issue was highlighted in the SecurityWeek article “Cracking the Cloud: The Persistent Threat of Credential-Based Attacks.” Based on the meeting notes, … Read more

Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware

September 30, 2024 at 01:06PM Summary: Cybersecurity teams are facing threats from “Storm-0501,” a ransomware group targeting vulnerable organizations in hybrid cloud environments. Microsoft reports that the group exploits weak passwords and overprivileged accounts to access cloud environments, using compromised credentials to extract data and spread ransomware. Security experts emphasize the importance of a zero-trust … Read more

Critical flaw in NVIDIA Container Toolkit allows full host takeover

September 30, 2024 at 08:08AM A critical vulnerability in NVIDIA Container Toolkit affects AI applications using it for GPU resource access in cloud or on-premise environments. It looks like the meeting notes are discussing a critical vulnerability in the NVIDIA Container Toolkit that affects all AI applications using GPU resources in both cloud and on-premise … Read more

Microsoft: Cloud Environments of US Organizations Targeted in Ransomware Attacks

September 30, 2024 at 08:00AM Microsoft warns of cybercriminal gang Storm-0501 targeting US organizations’ hybrid cloud environments with ransomware deployments. Active since 2021, the financially motivated group employs various ransomware families and exploits weak credentials and known vulnerabilities to gain control of networks, compromise devices, and deploy ransomware, posing a threat across multiple sectors. Based … Read more

Cloud threats have execs the most freaked out because they’re not prepared

September 30, 2024 at 07:38AM PwC’s cybersecurity report reveals that cloud threats are the top concern for 42% of business leaders, despite ransomware being lower on the list. Concerns align with least preparedness, with cloud attacks at 42%. Generative AI poses a growing security risk but also aids threat intelligence. Regulatory requirements drive cybersecurity investment … Read more

Embargo ransomware escalates attacks to cloud environments

September 27, 2024 at 11:11AM Microsoft warns that the ransomware threat actor Storm-0501 is now targeting hybrid cloud environments and has expanded its tactics to compromise all victim assets. The group has targeted various organizations in the United States and uses various methods to gain access, move laterally, steal data, and deploy the Embargo ransomware. … Read more