#CloudSecurity

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

by

March 11, 2024 at 10:51AM The significance of robust Privileged Access Management (PAM) in the face of cyber threats is emphasized. One Identity PAM Essentials, a SaaS-based solution, prioritizes security, manageability, and compliance. It offers a user-centric design, simplified approach, cost-effectiveness, cloud-native architecture, and seamless integration with OneLogin. This represents a shift in PAM tools, … Read more

How Not to Become the Target of the Next Microsoft Hack

by

March 11, 2024 at 10:07AM Recent cybersecurity incidents emphasize the importance of understanding and effectively implementing security best practices within the Microsoft 365 ecosystem. The increasing use of AI in cybersecurity calls for proactive measures to address evolving threats. Key strategies include reviewing access control policies, managing delegations, and maintaining control over the cloud environment … Read more

Data Leakage Prevention in the Age of Cloud Computing: A New Approach

by

March 11, 2024 at 08:21AM The traditional on-premises approach to data security is becoming obsolete as IT infrastructure moves to cloud-based solutions. A new guide by LayerX emphasizes the need for DLP solutions to focus on protecting corporate data in the browser. It outlines three data protection paths forward, with browser DLP being highlighted as … Read more

New Open Source Tool Hunts for APT Activity in the Cloud

by

March 11, 2024 at 06:51AM Permiso Security has released CloudGrappler, an open source tool to detect cloud environment intrusions by advanced persistent threat (APT) actors. CloudGrappler specializes in querying for activity by known threat actors and provides detailed reports in JSON format. The tool is available on GitHub for users to access and utilize. The … Read more

Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence

by

March 6, 2024 at 05:39PM Researchers have detected a cyber campaign targeting vulnerable cloud servers running Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers deploy a cryptomining tool and a Linux-based reverse shell for potential future targeting. The campaign, known as Spinning YARN, exploits known vulnerabilities and misconfigurations, with tactics overlapping with threat groups … Read more

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

by

March 6, 2024 at 12:15PM Threat actors are utilizing misconfigured and vulnerable servers to conduct Remote Code Execution (RCE) attacks and deploy cryptocurrency miners. Cloud security company Cado has named this activity “Spinning YARN,” with attackers using Golang payloads to exploit Confluence, Docker, Hadoop YARN, and Redis services. The attacks also exploit known vulnerabilities and … Read more

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth

by

March 6, 2024 at 10:39AM Cloud security firm Sweet Security recently secured $33 million Series A funding, following $12 million seed funding. The Tel Aviv-based firm plans to expand its technology and go-to-market operations for cloud runtime security. It combines military expertise with eBPF-based technology to detect vulnerabilities and provide real-time insights for cloud security … Read more

10 Essential Processes for Reducing the Top 11 Cloud Risks

by

March 6, 2024 at 10:02AM The cloud security landscape continues to evolve, with the Cloud Security Alliance (CSA) highlighting 11 key threats and recommended defenses. Issues like misconfigurations and inadequate change control continue to challenge organizations. Effective strategies include building a robust identity program and investing in threat hunting, emphasizing the need for proactive measures … Read more

How to Find and Fix Risky Sharing in Google Drive

by

March 6, 2024 at 05:15AM Material Security has launched Data Protection for Google Drive, enabling Google Workspace administrators to efficiently safeguard sensitive information and manage sharing permissions. With a powerful data platform, Material Security offers advanced scanning, access control, and automated remediation to address security risks without hindering productivity. Schedule a personal demo to see … Read more

What is Exposure Management and How Does it Differ from ASM?

by

March 5, 2024 at 06:45AM Startups and mid-market businesses heavily rely on cloud services, leading to a complex and distributed attack surface that’s challenging to monitor and secure. Exposure management in cybersecurity aims to provide visibility and prioritize vulnerabilities to reduce business risks. Intruder offers automated vulnerability management to discover and prioritize weaknesses across the … Read more