November 27, 2023 at 05:26AM The text discusses the importance of modern attack surface management (ASM) for cloud teams. It highlights the need for robust ASM solutions that provide real-time visibility, continuous risk assessment, and proactive risk mitigation. The text also emphasizes the value of a platform approach to consolidate security solutions and improve efficiency. … Read more
November 24, 2023 at 02:30AM Cybersecurity researchers have discovered publicly exposed Kubernetes configuration secrets that could potentially lead to supply chain attacks. The secrets, containing credentials for accessing container image registries, were uploaded to public repositories. Among those affected are top blockchain companies and fortune-500 companies. The researchers found that a significant portion of the … Read more
November 21, 2023 at 03:59PM The role of the chief information security officer (CISO) is becoming increasingly important as organizations modernize their workflows and migrate to the cloud. The CISO must balance innovation and security, collaborate with other leaders, and ensure security is considered at all stages of the process. A strong CISO collaborates with … Read more
November 20, 2023 at 03:08AM Cloud attacks are becoming faster and more sophisticated, leaving little time for security teams to detect and respond. Legacy detection and response frameworks are insufficient for modern cloud environments, and a new benchmark called the 5/5/5 Benchmark is needed. This benchmark requires teams to detect threats in five seconds, triage … Read more
November 17, 2023 at 06:00AM The Hacker News is hosting an exclusive webinar titled ‘Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.’ Led by Jose Hernandez from Lacework Labs, the session will cover Kubernetes security breaches, the Zenbleed vulnerability, cloud supply chain vulnerabilities, and the CloudWizard APT. The webinar aims to provide actionable … Read more
November 16, 2023 at 10:22AM DDoS attacks have been increasing, particularly targeting major cloud platforms like Microsoft. These attacks aim to disrupt online services by overwhelming them with excessive traffic. The recent attacks on Microsoft employed Layer 7 DDoS attacks, which can cause significant damage with fewer resources. Anonymous Sudan, a cyber threat group, was … Read more
November 16, 2023 at 07:00AM Research shows that incomplete IT offboarding can have negative effects on organizations, leading to security incidents, surprise bills, and missed handoffs. Nudge Security offers a SaaS management platform that helps with IT offboarding by providing a single source of truth for deprovisioning accounts and automating tasks like revoking OAuth grants … Read more
November 16, 2023 at 07:00AM Novel attack methods targeting Google Workspace and the Google Cloud Platform have been demonstrated, posing risks of ransomware, data exfiltration, and password recovery attacks. Threat actors could exploit vulnerabilities in Google Credential Provider for Windows (GCPW) to gain access to machines and bypass multi-factor authentication protections. These attacks highlight the … Read more
November 15, 2023 at 08:43AM The cloud security landscape has evolved, with complex multicloud environments becoming more common and attack surfaces expanding. As a result, there is a push for contextualized security that provides visibility, prioritization, and automated alerts. The combination of agentless and agent-based protections is considered the most effective approach. Contextual cloud security … Read more
November 14, 2023 at 11:11PM Illumio has expanded its Zero Trust Segmentation Platform with Illumio CloudSecure, allowing organizations to reduce the impact of cyberattacks and increase cyber resilience in hybrid and multi-cloud environments. The tool provides visibility and control of connections between dynamic applications and workloads, and stops unauthorized movement automatically. Illumio CloudSecure is effective, … Read more