April 3, 2024 at 09:18AM A review board appointed by the Biden administration heavily criticized Microsoft’s corporate security and transparency. The report highlighted a cascade of errors that allowed state-backed Chinese cyber operators to breach email accounts of senior U.S. officials. The board urged substantial security improvements and a cultural change at Microsoft to prevent … Read more
April 2, 2024 at 09:34AM Cloud security provider Rubrik has filed for an IPO on the NYSE to raise between $500 million and $700 million. The company’s annual revenue from subscriptions is $784 million, with 6,100 customers and a 47% yearly growth. Rubrik incurred a $277.7 million net loss. CEO Sinha highlighted their AI-driven data … Read more
April 2, 2024 at 07:33AM Cloud solutions are increasingly vulnerable, with 82% of 2023 data breaches occurring in cloud environments, costing an average of $4.75 million per breach. Challenges include lack of visibility, inconsistent permission management, and blurred ownership of security. Continuous Threat Exposure Management (CTEM) is crucial for prioritizing high-impact exposures and securing cloud … Read more
April 1, 2024 at 04:48PM Veracode has acquired Longbow Security, a startup focused on automating root cause analysis of security vulnerabilities, with financial details undisclosed. Veracode plans to use Longbow’s technology to assist security teams in rapidly discovering cloud and application assets, assessing threat exposure, and automating issue investigation and remediation. The acquisition aims to … Read more
March 29, 2024 at 03:38PM Many businesses using cloud-based email spam filtering services are at risk due to frequent misconfigurations, posing potential security vulnerabilities. Based on the meeting notes, it seems that there is a concern about the potential risk for enterprises using cloud-based email spam filtering services due to misconfigurations. It might be important … Read more
March 28, 2024 at 06:06AM The British Library suffered a destructive ransomware attack in October 2023, with recovery efforts lasting until mid-April 2024. The attack by Rhysida led to data exfiltration, encrypted systems, and server destruction. Lessons learned include the importance of MFA, upgrading legacy systems, network segmentation, cloud usage, secure backups, financial preparedness, and … Read more
March 27, 2024 at 08:48AM Attackers have been exploiting a missing authentication vulnerability in the Ray AI framework, allowing them to compromise hundreds of clusters. The issue, identified as CVE-2023-48022, enables the submission of arbitrary system commands and access to sensitive information. Oligo reports numerous compromised clusters, including potential cryptomining and unauthorized access to cloud … Read more
March 26, 2024 at 12:48PM Join Lacework and SecurityWeek today for a fireside chat with Phil Bues, Cloud Research Manager at IDC, discussing challenges and best practices for cybersecurity leaders managing cloud identities. Learn about reducing risk with a least-privileged approach, achieving application, infrastructure, and data hygiene, and key trends like Zero Trust and Generative … Read more
March 22, 2024 at 06:36PM Amazon Web Services CISO, Chris Betz, discusses generative AI as a time-saving tool with potential risks. Got it. It seems that Chris Betz discussed the dual nature of generative AI, highlighting its potential as a time-saving tool but also emphasizing its potential risks. Full Article
March 22, 2024 at 10:03AM Cybersecurity researchers detailed a security vulnerability in AWS Managed Workflows for Apache Airflow that’s now fixed by AWS, named FlowFixation by Tenable. It could allow a threat actor to hijack sessions, achieve code execution, and perform same-site attacks, impacting AWS, Azure, and Google Cloud. Both AWS and Azure have addressed … Read more