October 31, 2023 at 02:52PM The increasing number of attacks on cloud infrastructure has created a situation where both providers and users are equally affected. To prevent losses, it is crucial for cloud providers and users to collaborate closely and implement innovative approaches in order to enhance the security of public cloud resources. Based on … Read more
October 31, 2023 at 02:22PM Palo Alto Networks has announced its acquisition of Dig Security, an Israeli company specializing in Data Security Posture Management (DSPM) technology. Dig Security’s solution helps organizations protect sensitive data in the cloud, and it will be integrated into Palo Alto’s Prisma Cloud platform. Analysts see the acquisition as a strategic … Read more
October 31, 2023 at 01:01PM A recent report from the Purple Book Community highlights the challenges faced by companies in achieving application security (AppSec) maturity. These challenges include a shortage of AppSec engineers, slow vulnerability remediation, and the increasing reliance on cloud infrastructure. Insufficient funding is also identified as a major obstacle. The report emphasizes … Read more
October 31, 2023 at 10:57AM Attackers are actively targeting exposed Amazon Web Services (AWS) IAM credentials in public GitHub repositories to create instances for cryptocurrency mining. Palo Alto Networks observed the attacker creating 474 compute-optimized EC2 instances between August 30 and October 6. The attackers are able to launch attacks within minutes of credentials being … Read more
October 30, 2023 at 07:34AM CrowdStrike’s recent acquisition of Bionic is strengthening its cloud security offerings and positioning the company as a player in reactive cloud security. The acquisition brings capabilities like Cloud Native Application Protection Platform (CNAPP) and Application Security Posture Management (ASPM) to CrowdStrike’s Falcon platform. Bionic’s technology will be integrated into a … Read more
October 30, 2023 at 07:24AM The EleKtra-Leak campaign is targeting exposed Amazon Web Service (AWS) identity and access management (IAM) credentials on public GitHub repositories for cryptojacking. The campaign has been active since December 2020 and has employed automated targeting of IAM credentials within four minutes of exposure. The attacker has also been linked to … Read more
October 27, 2023 at 04:56PM Securing cloud identities is crucial as organizations migrate data to the cloud. Compromised identities can lead to unauthorized access to sensitive information. To prevent attacks, visibility into the cloud’s identity infrastructure is necessary. Examples of high-profile attacks demonstrate the importance of this. Implementing an applied risk approach, conducting comprehensive audits, … Read more
October 26, 2023 at 11:53PM Darktrace, a global leader in cyber security AI, has launched a new Darktrace/Cloud solution that offers comprehensive visibility of cloud architectures, real-time threat detection and response, and prioritized recommendations and actions. The solution combines insight from Darktrace’s other security solutions to provide a deeper understanding of an organization’s digital estate. … Read more
October 25, 2023 at 08:04AM Around 60% of corporate data is stored in the cloud, with Amazon S3 being a popular choice. However, S3 remains vulnerable to ransomware attacks as leaked access keys can be used to compromise sensitive data. To combat these threats, organizations need visibility into their S3 environment through CloudTrail and Server … Read more
October 24, 2023 at 04:19PM Password manager 1Password is the second victim of Okta’s recent customer support breach. Okta, a cloud-based identity and access management service, suffered a cyberattack that compromised access to customer support systems, allowing the attacker to infiltrate some customers, including 1Password. Fortunately, no user or employee data was compromised. Okta has … Read more