October 1, 2024 at 04:55PM Apono, a privileged access leader for the cloud, has successfully completed its Series A funding round, securing $15.5 million. The funding, led by New Era Capital Partners, will advance Apono’s mission of providing AI-driven, innovative, and secure solutions for managing access in complex cloud environments. The investment reflects strong confidence … Read more
October 1, 2024 at 04:55PM Palo Alto Networks and Deloitte have expanded their strategic alliance into EMEA and JAPAC regions, offering AI-powered cybersecurity solutions globally. This collaboration aims to streamline security operations, enhance platformized security solutions, and harness AI to combat evolving threats. Deloitte will offer Palo Alto Networks security solutions across its network, cloud, … Read more
October 1, 2024 at 08:51AM Summary: Despite the implementation of multi-factor authentication (MFA) to enhance security, credentials remain the primary target for malicious parties entering systems, posing a persistent threat to cloud environments. This issue was highlighted in the SecurityWeek article “Cracking the Cloud: The Persistent Threat of Credential-Based Attacks.” Based on the meeting notes, … Read more
September 30, 2024 at 01:06PM Summary: Cybersecurity teams are facing threats from “Storm-0501,” a ransomware group targeting vulnerable organizations in hybrid cloud environments. Microsoft reports that the group exploits weak passwords and overprivileged accounts to access cloud environments, using compromised credentials to extract data and spread ransomware. Security experts emphasize the importance of a zero-trust … Read more
September 30, 2024 at 08:08AM A critical vulnerability in NVIDIA Container Toolkit affects AI applications using it for GPU resource access in cloud or on-premise environments. It looks like the meeting notes are discussing a critical vulnerability in the NVIDIA Container Toolkit that affects all AI applications using GPU resources in both cloud and on-premise … Read more
September 30, 2024 at 08:00AM Microsoft warns of cybercriminal gang Storm-0501 targeting US organizations’ hybrid cloud environments with ransomware deployments. Active since 2021, the financially motivated group employs various ransomware families and exploits weak credentials and known vulnerabilities to gain control of networks, compromise devices, and deploy ransomware, posing a threat across multiple sectors. Based … Read more
September 30, 2024 at 07:38AM PwC’s cybersecurity report reveals that cloud threats are the top concern for 42% of business leaders, despite ransomware being lower on the list. Concerns align with least preparedness, with cloud attacks at 42%. Generative AI poses a growing security risk but also aids threat intelligence. Regulatory requirements drive cybersecurity investment … Read more
September 27, 2024 at 11:11AM Microsoft warns that the ransomware threat actor Storm-0501 is now targeting hybrid cloud environments and has expanded its tactics to compromise all victim assets. The group has targeted various organizations in the United States and uses various methods to gain access, move laterally, steal data, and deploy the Embargo ransomware. … Read more
September 26, 2024 at 05:52PM Nvidia’s Container Toolkit has a critical bug, CVE-2024-0132, rated 9.0/10 in severity, allowing an attacker to escape containers and take over the host. Nvidia issued a fix with versions v1.16.2 and v24.6.2. The vulnerability affects cloud and AI workloads, impacting 33% of cloud environments. Wiz’s security researchers found and disclosed … Read more
September 26, 2024 at 02:57AM Cloudflare has observed an advanced threat actor using multiple cloud service providers for credential harvesting, malware delivery, and command-and-control. The actor, known as SloppyLemming, targets government, law enforcement, energy, education, telecommunications, and technology entities in South and East Asian countries. The attacks involve spear-phishing emails, malicious links, and custom-built tools … Read more