April 16, 2024 at 10:36AM New cybersecurity research reveals that CLI tools from AWS and Google Cloud can expose sensitive credentials in build logs, posing risks to organizations. Microsoft has addressed the issue, while Amazon and Google consider it expected behavior, advising organizations to avoid storing secrets in environment variables and use dedicated secrets store … Read more
April 16, 2024 at 07:27AM Organizations are facing growing cybersecurity threats due to the increasing use of cloud services and remote work arrangements. The Identity Underground Report highlights the challenges and vulnerabilities in managing digital identities, uncovering concerning statistics such as insecure password practices and overlooked service accounts. Proactive measures like Multi-Factor Authentication are crucial … Read more
April 15, 2024 at 02:13PM The U.S. Department of Justice has arrested and indicted Charles O. Parks III, alias “CP3O,” for allegedly using cloud servers for unauthorized crypto mining, accruing $3.5 million in charges. He exploited cloud providers through fake corporate identities, laundering the mined cryptocurrency. Charges include wire fraud and money laundering, carrying a … Read more
April 15, 2024 at 09:39AM The cyber threat actor “Muddled Libra” is targeting SaaS applications and cloud service provider environments to exfiltrate sensitive data. They leverage sophisticated techniques, such as social engineering and reconnaissance, to gain unauthorized access and utilize various tactics for data exfiltration. Their activities pose new challenges, requiring organizations to enhance their … Read more
April 12, 2024 at 03:50PM Summary: The article highlights the importance of file scanning within uploader applications to safeguard against cyber threats like malware. It emphasizes compliance with security standards and the use of tools like the OWASP file upload cheat sheet and Trend Vision One™ – File Security to enhance data security. The article … Read more
April 12, 2024 at 12:48PM Cloud security vendor Wiz has acquired Gem Security, an Israeli startup specializing in cloud detection and incident response technologies, for approximately $350 million. Wiz CEO Assaf Rappaport aims to consolidate cloud security operations and strengthen their CDR capabilities. The acquisition aligns with Wiz’s ambition to lead the market and integrate … Read more
April 11, 2024 at 02:30PM The cloud platform’s 8-year-old version was compromised by attackers to distribute malware capable of taking over infected systems. It seems like there was a discussion in the meeting about attackers compromising an 8-year-old version of a cloud platform to distribute malware that can take over infected systems. Are there any … Read more
April 11, 2024 at 12:42PM Zscaler announced the planned acquisition of Airgap Networks, a startup focusing on network segmentation and secure access technologies. Financial details were not disclosed. Zscaler intends to combine Airgap’s technology with its Zero Trust SD-WAN suite to protect east-west traffic in various environments without the need for additional hardware or disruption. … Read more
April 11, 2024 at 10:48AM AWS VP and Distinguished Engineer, Tom Scholl, is actively combating DDoS attacks by addressing the long-standing issue of IP spoofing. By engaging with external networks and leveraging AWS’s global visibility, they have made significant strides in disrupting IP spoofing-based attacks. The company’s efforts not only protect its own network but … Read more
April 10, 2024 at 05:15PM Wiz has acquired New York-based startup Gem Security for $10 billion. This aims to enhance Wiz’s Cloud Detection and Response (CDR) capabilities and consolidate its Cloud Native Application Protection Platform (CNAPP). The deal sees Gem’s technology and employees joining Wiz, positioning Wiz as the world’s leading cloud security platform with … Read more