September 23, 2024 at 08:06AM The past week’s cybersecurity landscape was a rollercoaster ride. Notable events include the dismantling of the Raptor Train botnet, North Korean hackers deploying a new malware, takedown of criminal networks iServer and Ghost, and developments in the Apple vs. NSO Group lawsuit. These incidents underscore the evolving nature of cyber … Read more
September 17, 2024 at 04:24PM Google Cloud’s Document AI service has a vulnerability that could be exploited by attackers to access and steal sensitive data from Cloud Storage buckets. Despite being reported, Google has yet to fully address the issue, leaving the attack vector open. The nature of the vulnerability and back-and-forth with Google regarding … Read more
September 11, 2024 at 02:06PM Google has introduced a new backup storage vault feature in its cloud service to defend against ransomware attacks. The feature offers immutable and indelible backups, safeguarding data from tampering and unauthorized deletion. It aims to protect backed-up data during encryption and extortion cyberattacks, providing secure storage and reliable recovery options … Read more
September 11, 2024 at 09:04AM Google has introduced three enhancements to its Google Cloud Backup and Disaster Recovery service, focusing on improving simplicity and security for managing backups. The features include creation of immutable backup vault storage, a centralized backup management system with developer-centric self-service, and integration with Google Cloud IAM. These solutions aim to … Read more
August 12, 2024 at 05:01AM Cloud platforms are increasingly relied upon, prompting heightened cybersecurity threats. Addressing this, the virtual SANS Cloud Security Exchange 2024 on 27th August provides free access to expert insights, best practices, and networking opportunities. With sessions on modernizing cloud security, identity, proactive security principles, and AI, it offers valuable knowledge and … Read more
July 27, 2024 at 02:00AM Cybersecurity researchers found a malicious package “lr-utils-lib” on the Python Package Index, targeting specific Apple macOS systems to steal Google Cloud credentials. It checks for macOS, compares UUID against hardcoded hashes, and harvests Google Cloud data. The captured info is sent to a remote server. Social engineering tactics suggest a … Read more
July 22, 2024 at 08:55AM FLUXROOT, a financially motivated threat actor, abused Google Cloud serverless projects to conduct phishing attacks, targeting Latin America. This highlights the trend of threat actors exploiting cloud computing for malicious purposes. Google has taken measures to mitigate such activities, emphasizing the challenges in detecting and countering threats facilitated by cloud … Read more
May 9, 2024 at 04:22PM CyberProof, a UST company, has extended its partnership with Google Cloud to enhance its managed XDR services. By integrating Google Chronicle Security Operations, CyberProof offers an end-to-end solution to visualize and mitigate cyber risk for enterprises migrating to the cloud. This collaboration aims to provide intel-led cybersecurity solutions at cloud … Read more
April 17, 2024 at 09:00AM The increasing adoption of public cloud platforms prompts companies to shift their security toolsets. While the best-of-breed model involves using multiple third-party security solutions, it creates gaps and inefficiencies. Alternatively, the native-first cloud security approach, utilizing integrated first-party solutions, offers greater cost efficiency and improved security resilience, reducing attack surface, … Read more
April 16, 2024 at 11:00AM Cloud security firm Orca warned about how certain command-line tools from major cloud service providers expose sensitive information in the form of environment variables, posing security risks. Microsoft Azure, AWS, and Google Cloud confirmed the issue and provided guidance on safeguarding sensitive data. Orca discovered this issue impacting not just … Read more