Cloud Security News

Follow Cloud Security News
Share on
Copy link to clipboard

Your weekly digest of what you need to know in the world of Cloud Security. We do the hard work for you, so you are always across the important bits.     Brought to you by the team behind the much loved Cloud Security Podcast

Cloud Security Podcast Team


    • Jan 26, 2023 LATEST EPISODE
    • infrequent NEW EPISODES
    • 4m AVG DURATION
    • 40 EPISODES


    Search for episodes from Cloud Security News with a specific topic:

    Latest episodes from Cloud Security News

    Vulnerabilities discovered in AWS, GCP and Azure

    Play Episode Listen Later Jan 26, 2023 7:53


    Cloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The vulnerability discovered that there is a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. . You can read more about this vulnerability here Duo Sreeram KL and Sivanesh Ashok found a SSRF Vulnerability in GCP, which when exploited could make users click onto a malicious URL allowing attacks to gain control of an authorisation token and the user's GCP projects. CircleCI delivered and have released an incident report which details what happened, how to know if you were impacted, what may help your teams, what they learnt and what they will do next. Corsha, which is API Identity and Access Management software company has released a report - It's Time To Get Honest About Secrets Management Corsha State of API Secrets Management Report, 2023. Orca security have reported that they found instances where different services were vulnerable to a (you guessed it) Server Side Request Forgery (SSRF) attack. They shared that 2 of the vulnerabilities did not require authentication, meaning that they could be exploited without even having an Azure account.The vulnerabilities were found in Azure Twin Explorer, Azure Functions, Azure API Management Service and Azure Machine Learning Service. You can read their blog here to find out more Techcrunch has reported this week that Dell has acquired an israeli cloud orchestration startup Cloudify for allegedly $100M. Cloudify helps with the management of containers and workloads across hybrid environments. Dell has not publically mad this announcement but Techcrunch has shared that they notice a form they have lodged to indicate this.

    Amazon S3 encrypts by default and The CircleCI Breach

    Play Episode Listen Later Jan 14, 2023 6:26


    Cloud Security News this week 14 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News According to recent study published by IEEE which I found interesting (which is the Institute of Electrical and Electronics Engineers around since 1963 apparently), “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industrial Internet of Things (IIoT) (33%) will be the five most important areas of technology of 2023” Late December, a security engineer at CircleCI received an email notification about a potential attack on his CircleCI account thanks to an AWS CanaryToken placed by him. On Jan 4th, CircleCI advised to rotate any and all secrets stored in CircleCI and published a blog outlining the various ways to do it. AWS announced on 5 Jan 2023, that Amazon S3 will now automatically apply server-side encryption for each new object. This has been welcomed by AWS users as a good compliance tick and also would assist with those pesky S3 bucket breaches which are still all too common. Unit 42 researchers from Palo Alto Networks recently released a report about Automated Libra, the cloud threat actor behind the freejacking campaign PurpleUrchin, reporting that they had created more than 130,000 accounts on free or limited-use cloud platforms such as Heroku and GitHub. Google has released reports sharing that API endpoints are increasing under attack mostly (no surprises here) due to API misconfigurations. According to their reports, many companies are intending to expand their real-time monitoring of API servers and using (AI/ML) systems to better discover flaws and detect attacks.

    New Cloud Vulnerability Database + Another Misconfigured S3 Bucket

    Play Episode Listen Later Jul 14, 2022 5:44


    Cloud Security News this week 14 July 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Dell Embraces Multi-cloud + Hackers use stolen OAuth

    Play Episode Listen Later May 11, 2022 6:44


    Cloud Security News this week 11 May 2022 Brought to you this week by JupiterOne To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    AWS Security Hub releases 5 new controls + Latest with Spring4shell

    Play Episode Listen Later Apr 13, 2022 5:24


    Cloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    releases controls aws security hub
    What is Spring4shell? + Should we be concerned?

    Play Episode Listen Later Apr 7, 2022 4:30


    Cloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Latest with Okta/Lapsus$ + Return of Log4J

    Play Episode Listen Later Mar 30, 2022 6:14


    Cloud Security News this week 30 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    All you need to know about the Okta and Microsoft breach

    Play Episode Listen Later Mar 23, 2022 5:51


    Cloud Security News this week 23 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    The Cyber Defense Matrix + CSA launches Zero Trust Advancement Center

    Play Episode Listen Later Mar 16, 2022 4:15


    Cloud Security News this week 16 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Google's 5.4B Aquisition + CNCF Accepts Knative, a kubernetes Platform

    Play Episode Listen Later Mar 9, 2022 8:36


    Cloud Security News this week 9 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    JupiterOne announces open source StarBase

    Play Episode Listen Later Mar 2, 2022 5:00


    Cloud Security News this week 2 March 2022 Brought you by Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Snyk Acquires Fugue + Amazon CodeGuru Reviewer now detects Apache Log4j

    Play Episode Listen Later Feb 23, 2022 5:51


    Cloud Security News this week 23 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Azure Launches Azure Payment HSM

    Play Episode Listen Later Feb 17, 2022 4:55


    Cloud Security News this week 16 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google's Cybersecurity Action Team has released Threat Horizon's report this month. The report can be accessed here Staying in theme with Google Cloud (which also happens to be our theme for this month at Cloud Security Podcast). This week they have reported a low severity vulnerability in the Linux kernel's function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout. You can find out more about this vulnerability here. Azure has announced Azure Payment HSM in preview in East US and North Europe. You can find out more about it here. Cloud Security Alliance's Technology and Cloud Security Maturity report. You can read the entire report here. Have you heard about the Internet Society or ISOC? Its one of the oldest global nonprofit with a goal of keeping the Internet as a force for good: open, globally connected, secure, and trustworthy. The researchers at Clario recently discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details belonging to ISOC members. A blob container named ISOC contained millions of json files that were structured to include login, password and email. Clario reported this to ISOC and the repository was subsequently secured. ISOC also confirmed that they have not seen any instances of malicious access to member data as a result of this issue. You can read more about this here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    Amazon GuardDuty now protects Amazon EKS

    Play Episode Listen Later Feb 9, 2022 5:53


    Cloud Security News this week 09 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud has released the Virtual Machine Threat Detection tool as part of their Security Command Center for Premium customer. According to Google's blog this “is a first-to-market detection capability from a major cloud provider that provides agentless memory scanning to help detect threats like cryptomining malware inside your virtual machines running in Google Cloud.” For those familiar with AWS Guardduty, how does this compare - share with us on linkedin, twitter or on our website. You can read Google Cloud's announcement here. Being a Cloud Security Enthusiast, you are probably familiar with the Cloud Security Alliance, they are well known for defining standards, certifications, and best practices for security cloud environments. This week they have released DevSecOps - Pillar 4 Bridging Compliance and Development as part of the DevSecOps Six Pillars series. This document focuses on how compliance can be automated and better relate to security requirements. You can access the full document here. We would love to hear your thoughts about this pillar, so please share your views on www.cloudsecuritypodcast.tv Security Researcher Harsh Jaiswal received a bounty award of $17,576 for whats been described as a “pretty simple” but critical SSRF related to HelloSign's Google Drive Docs export feature.You can read more about the security team's response here and the vulnerability report here. Cloudflare, a Silicon Valley provider of content delivery network (CDN) and DDoS mitigation services has launched a public bug bounty program, further to their invite-only program in place since 2018. You can find out more about the program here Tenable, a popular product for vulnerability scanning, has announced new features to their cloud native application security program, Tenable.cs. You can find our more about tenable and tenable.cs here. Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters. You can read more about this here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News

    google development silicon valley protects ddos google cloud cloudflare cdn tenable hellosign cloud security alliance amazon eks amazon guardduty
    Google reports Linux Kernel Vulnerabilities

    Play Episode Listen Later Feb 2, 2022 5:18


    Cloud Security News this week 02 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud have reported that 3 security vulnerabilities have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.Google have shared that these vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu). Pods using GKE Sandbox are not vulnerable to these vulnerabilities. You can find out more about it here. Safety detectives uncovered and reported on a misconfigured AWS S3 bucket that exposed over 1 million files - “The data we observed related to airport employees from different sites across Colombia and Peru, and there could be entities from other nations with exposed data on the bucket.” The full report can be viewed here. Salesforce now requires all customers to use multi-factor authentication MFA in order to access Salesforce products. It's one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers' data. Let us know what you think of this change and more on this can be found here. Markets and Markets has shared that the “global cloud security market size is expected to grow from USD 40.8 billion in 2021 to USD 77.5 billion by 2026”. You can find out more here Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding bringing their funding to date to $71 million. In a company blog CEO, ​​Rakesh Narasimhan shared that the new funding is a significant milestone in accelerating their mission to provide the most innovative cloud security, compliance automation, and cloud security posture management (CSPM) platforms that enable enterprises of all sizes with the fastest path to security and compliance in the cloud. You can find out more about them here. Check Point has acquired Spectral, an Israeli startup who have developer-first security tools designed by developers for developers. With this acquisition, Check Point extends its cloud solution, Check Point CloudGuard, with developer-first security platform, to provide a range of cloud application security use cases including Infrastructure as Code (IaC) scanning and hardcoded secrets detection. Find out more here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast:

    McFee and FireEye join forces for XDR

    Play Episode Listen Later Jan 26, 2022 3:51


    Cloud Security News this week 26 Jan 2022 Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The merger of these two companies has now form Trellix, which aims to be a leader in extended detection and response (XDR). In their blog post Trellix shared that “Customers can expect Trellix's living security platform to deliver bold innovation across the XDR market.” - “with automation, machine learning, extensible architecture, and threat intelligence.” You can find out more about Trellix and read their blog post here and let us know if you are excited about this merger? Orca Security is back in the news this week, not for their funding round or their vulnerability findings in AWS. They have made their 1st acquisition: RapidSec, an Israeli cybersecurity startup that protects web applications from client-side attacks. RapidSec's software allows for detection of web-application misconfigurations and deviations from best practices. Orca has indicated that it plans to integrate these web services and API security technologies into its agentless cloud security platform. You can read more about this acquisition here. Cloud Security Firm Polar Security that has emerged from Stealth With $8.5 Million Seed Funding. They are a Tel Aviv, Israel-based cloud security company that aims to provide visibility into companies' cloud data storage to allow security teams to secure the data and avoid compliance problems. You can find out more about them here Hunters.ai announced that it has raised a $68 million Series C round bringing their total funding to date to $118 million. Hunters share in their blog that “Never before has it been more lucrative to be a cyber criminal” and “On the defenders' side, we see organizations struggling to keep pace. As technology advances and more tools are being used, the attack surface grows and the number of security products used by these organizations increases.” This is where Hunter.ai believes they can help with their Extended Detection and Response (XDR) platform used by Security Operations Center (SOC) teams to detect, investigate and stop threats. You can find out more about them here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    Remote Access Trojans target Public Cloud Infrastructure

    Play Episode Listen Later Jan 19, 2022 7:06


    Cloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers' operations.” Read more about this here. Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here Vulnerability in AWS's cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here Sysdig's platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    UK Financial Regulators monitoring Cloud Providers Closely

    Play Episode Listen Later Jan 12, 2022 4:25


    Cloud Security News this week 12 Jan 2022 UK's financial regulators - The Prudential Regulation Authority is looking to increase it's monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a handful of cloud providers. A lot of major British banks have partnerships with cloud providers “AWS has announced deals with Barclays and HSBC, while Lloyd Banking Group holds partnerships with Google Cloud and Microsoft Azure.”. There is an increasing concerns about the impacts on the banks should these cloud providers experience outages. You can view the financial times article here Speaking of regulators and how they are dealing with cloud providers, a few weeks ago in December Chinese regulators have “suspended an information-sharing partnership with Alibaba Cloud Computing” over concerns that it failed to promptly report and address a cybersecurity vulnerability. According to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology “Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator”.This comes after, according to Reuters “The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.” From what we understand, there is no statement from Alibaba Cloud on this yet. You can read more about this here. Gartner's Report can be found here. Redhat's Report can be found here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    Google invests in Security + Microsoft's Log4Shell Update

    Play Episode Listen Later Jan 5, 2022 5:16


    Cloud Security News this week 5 Jan 2022 Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud's security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle's innovative approach to security analytics is an important step forward in their vision”. You can find more about this here Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”. They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog here. Back in 2019 you probably heard about Autom Attack which targeted misconfigured docker APIs to gain network entry to set up a backdoor on the compromised host to do cryptomining. This cryptomining campaign has evolved in the last 3 years to improve on their defense evasion tactics to fly under the radar and avoid detection. You can see the blog and their findings here. SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. Security Researcher Aaron Phillips with VPN Overview worked with SEGA Europe to secure the exposed data. You can view the full report here Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. You can read more about the findings here and threatpost report here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    The Latest with Log4J

    Play Episode Listen Later Dec 22, 2021 3:56


    Cloud Security News this week 22 December 2021 Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week's episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far. To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues were reported. The latest patch is the third installment 2.17.0 to address a new vulnerability that allow for denial of service attacks. While apache and other organisations rush to remedy and patch these vulnerabilities, an explosion of attacks continue. Belgium's defence ministry revealed that it had been forced to shut down parts of its network after a hacker group exploited log4j to gain entry to its systems. Security firm Check Point has been monitoring the situation and, at one point, reported seeing more than 100 Log4J attacks per minute.The hackers are scattered globally. Checkpoint further reported that more than half of the exploits come from well-known hacking groups using it to deploy common malware like Tsunami and Mirai. Sentinel one has reported that “Observed exploit attempts in the wild thus far have led to commodity cryptominer payloads or other known and commodity post-exploitation methods. They expect further opportunistic abuse by a wide variety of attackers, including ransomware and nation-state actors.” The latest apache update is available here. The SentinelOne blog is available here and Checkpoint blog is available here, Whilst we are scrambling to stay on top log4Shell, a few exciting things have occurred in the world of Cloud Security as well, Ermetic announced a $70 million series B funding round. Their platform secures cloud infrastructure by focusing on identity security and reducing the attack surface across a multi-cloud deployment. The platform is expanding its support for Kubernetes container orchestration which they refer to like the fourth cloud. Learn more about Ermetic here. And in other news Container and cloud security unicorn Sysdig scored $350 million in a Series G funding. This raises their total funding to $744 million and pushes valuation to $2.5 billion. Sysdig offers security and performance monitoring services tailored toward cloud-native applications and are looking to utilise the latest funding to accelerate the expansion of these services into new markets, increase its headcount and customer base, and invest in research and development. Learn more about Sysdig here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    The Log4j Vulnerability - Cloud Providers Respond

    Play Episode Listen Later Dec 15, 2021 2:51


    Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about. Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell' and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10. The zero-day had been exploited at least nine days before it surfaced on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4J, versions 2.0 to 2.14.1.at risk. This impacts cloud services, developer services, security devices, mapping services, and more. AWS has released details on how the flaw impacts its services and said it is working on patching its services that use Log4j and has released mitigations for services like CloudFront. This can be viewed here. Microsoft has also released Guidance for preventing, detecting, and hunting for Log4j exploitation here and Google cloud is also “is actively following the security vulnerability” and has released recommendations for investigating and responding to the Apache “Log4j 2” vulnerability here IBM said it is "actively responding" to the Log4j vulnerability across IBM's own infrastructure and its products, can be found here and Oracle has issued a patch too here. There is a comprehensive list of all known softwares vulnerable and not vulnerable to LogShell is available on GitHub along with any known fixes. Here This vulnerability is being exploited to install malware, crypto mining, perform DDOS attacks, drop Cobalt Strike beacons, scan for vulnerable servers and exfiltrate information. To finish on a note other log4J - Have you heard about Dazz? Well if you haven't, they are a one-year old cloud security remediation startup that recently closed another round of funding and raised 60 million dollars. Dazz is looking to automate cloud security through their AI driven product in a developer friendly way. You can find out more about them hereEpisode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    AWS Outage - What is impacted?

    Play Episode Listen Later Dec 8, 2021 3:50


    Cloud Security News this week 8 December 2021 If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for consoles in all AWS regions were affected by this issue, however customers could login to consoles other than US-EAST-1 by using an IAM role for authentication. Services impacted include: EC2, Connect, DynamoDB, Glue, Athena, Timestream, and Chime. Most of the services have now recovered and all updates can be viewed here Recently McAfee and FireEye announced the availability of new cloud security capabilities on Amazon Web Services (AWS) as well as integration with the Amazon Inspector vulnerability management service. According to McAfee Enterprise and FireEye, their behavior analysis and machine-learning extended detection and response (XDR) capabilities combined with Amazon Inspector promises to deliver AWS customers greater visibility and protection of cloud-based applications and data. The research team at LightSpin discovered that the Jupiter Notebook instance of SageMaker could reach the Notebook Instance metadata endpoint. For context, having access to the metadata endpoint and requesting access tokens from an over-permissive IAM Role is a very well known SSRF vulnerability in AWS. In this case, the research team reported their finding to AWS and this has been resolved since. You can learn more about this here Zscaler, an American cloud-based information security company known for their Zscaler private and internet access and now the creators of Zero Trust Exchange platform have now announced the general availability of its new Workload Communications solution, which is part of the Zscaler Zero Trust Exchange. This extends Zero Trust security to workloads and applications hosted in public cloud to eliminate attack surfaces, prevent lateral threat movement, inhibit compromise of workloads, and stop data loss. It also helps IT teams simplify multi-cloud workload connectivity by moving away from traditional IP-based routing and VPNs between cloud environments to expedite enterprises' cloud transformation initiatives. You can learn more about this here. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    AWS re:Invent 2021 - All the Cloud Security Updates so far

    Play Episode Listen Later Dec 2, 2021 7:16


    Cloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year, we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield, Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets, you can now use EventBridge to build applications that react quickly and efficiently to changes in your S3 objects. This will deliver responses to potential Events/incidents of interest in a faster, more reliable, and in a more developer-friendly way than ever. More on this here If you use AWS Control Tower and care about Data Residency, now you will be able to apply Preventive and detective controls that prevent provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower. This means that content cannot be created or transferred outside of your selected Regions at the infrastructure level. More on this here They have announced Amazon VPC IP Address Manager (IPAM), a new feature that provides network administrators with an automated IP management workflow.making it easier to organize, assign, monitor, and audit IP addresses in at-scale networks. More on this here new feature.” Amazon VPC Network Access Analyzer. In contrast to manual checking of network configurations, which is error-prone and hard to scale, this tool lets you analyze your AWS networks of any size and complexity. You can get started with a set of Amazon-created scopes, and then either copy & customize them, or create your own from scratch. More on this here A new Amazon S3 Object Ownership setting and the Amazon S3 console policy editor. More on the Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    24 November 2021 - GoDaddy looses 1.2 million user information

    Play Episode Listen Later Nov 24, 2021 5:23


    Cloud Security News this week 24 November 2021 CSA recently announced that they have now had 1500 Cloud services evaluated across to the STAR registry principles. According to CSA, by publishing to the registry organizations can show current and potential customers their security and compliance posture which may prevent the need for them to complete multiple security questionnaires. You can find more information about CSA and STAR registry here Security researcher Schütz was rewarded a $4,133 bounty by the Google Vulnerability Rewards Program for his Google Internal API vulnerability discovery. Google has now fixed this bug. You can read more about this here and the Schütz has documented his discovery here Palo Alto Networks - a well known cybersecurity Vendor - Their Chairman and CEO Nikesh Arora told investors that they are “18-to-24 months ahead from a competitive platform perspective”. There a few exciting players in the Cloud Security Market right now and you can read more about this here You can also find more about Palo Alto, Orca Security, Wiz and Lacework on the links Lacework, they have recently raised $1.3 billion in fresh capital at a valuation of $8.3 billion, making this one of the largest venture funding rounds of the year in the United States. Nasdaq covered a bit more about this here. In comparison Orca Security raised $550 million in Series C funding to raise their valuation to $1.8 Billion and Wiz raised $250 million on a $6 billion valuation Clubhouse, an audio based chatroom launched in 2020 which gained popularity during the pandemic has launched a BugBounty program on HackerOne. The scope of the Bounty includes their API and websites. The program has upto $3000 on offer for any critical vulnerabilities reported. You can find more about the program here Using a compromised password, an unauthorised third party has managed to infiltrate GoDaddy's systems affecting atleast 1.2 million users. Along with usernames, passwords and emails, the attackers also gained access to SSL private keys for a subset of users. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    17 November 2021 - Feds go Cloud Smart + Alibaba Cloud targeted by Hackers

    Play Episode Listen Later Nov 17, 2021 4:48


    Cloud Security News this week 17 November 2021 According to a research by Trend Micro, Elastic Computing Service (ECS) instances for Alibab Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provides root access/ privileged control by default. There is a detailed article attached about this here JupiterOne (a Cyber Asset Management Platform ) and Cisco have announced the launch of Secure Cloud Insights, an expanded cloud security and security operations partnership designed to provide businesses with a range of cybersecurity services. This new solution is aimed at helping Cisco customers achieve a higher level of maturity with their digital transformation and security program. CEO of Jupiter One, Erkang Zheng calls it a game changing offering - that would provide increased visibility, efficiency, and speed to security operations, with combined context from situational awareness and structural data. We would be curious to know if you think the same. Those familiar with Palo Alto and their core cloud-security package, Prisma may be intrigued to know that they have launched Prisma 3.0. Truffle Security has released an open source hacking tools called Driftwood designed to discover leaked, paired private and public keys which may be harmful. Driftwood builds upon Truffle Hog and is available on Github. Truffle Security in their blog which is shared here. stated that With this tool they found the private keys for hundreds of Transport Layer Security certificates, and Secure Shell keys that would have allowed an attacker to compromise millions of endpoints/devices. The Federal government is going from a “Cloud First” to a “Cloud Smart” strategy to leverage cloud without compromising security. They quoted that “Cloud Smart is about equipping agencies with the tools and knowledge they need to make these decisions for themselves, rather than a one-size-fits-all approach.The shift will be from “buy before build” to “solve before buy,”. Under security they added that “Successfully managing cloud adoption risks requires collaboration” leaning into that shared responsibility model we hear often about with Cloud Security. The link to the document is here Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    10 November, 2021 - Secure AWS + Azure from one Place, Better Linux Security support on Azure

    Play Episode Listen Later Nov 10, 2021 3:58


    Cloud Security News this week 10 November 2021 Microsoft is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) - yes you heard that right! within a suite called Microsoft Defender for Cloud. This was previously know as Azure Security Center and Azure Defender At their annual conference Ignite 2021, their focus was enterprise cloud protection, specially multi cloud environments. Microsoft Defender for Cloud will now let organizations secure AWS and Azure environments from one place without depending on the AWS Security Hub. We will bring you the highlights from Ignite 2021 next week, you can check out the event virtually here For folks who have been waiting on better security services support for Linux on Microsoft Azure - they recently announced the expansion of the Defender for Endpoint on Linux capabilities. Defender for Endpoint is a cloud-based product that includes vulnerability management and assessment, and endpoint detection and response (EDR) on Linux servers. Are you wondering about Oracle Cloud and what they are upto? Oracle Cloud most recently trying to stand out amongst its competitors by broadening the range of built-in and add-on cybersecurity features in Oracle Cloud Infrastructure. Oracle said the new features are intended not only to simplify management but also to address the problem misconfiguration and user error. If you want to find out more - you can check out their new Oracle Cloud Infrastructure Web Application Firewall for Flexible Load Balancers, Oracle Cloud Infrastructure Vulnerability Scanning Service, Oracle Cloud Infrastructure Bastion and Oracle Cloud Infrastructure Certificates If you use Crowdstrike, this ones for you. The popular real-time detection and automated response software, Crowstrike is making some big moves in the Cloud Space, doubling down on zero trust. The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement. Read more here If you have been reading about Robinhood being hacked, this one wasn't a cloud security breach however a good old social engineering attack which if your interested to know more about, you can read here Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    03 November, 2021 - AWS Earns over 16billion this quarter + SEGA on Microsoft Azure

    Play Episode Listen Later Nov 3, 2021 3:17


    Cloud Security News this week 27 October 2021 In case you missed the quarterly earnings updates from last episode, I do encourage you to check it out to see how Google Cloud and Azure faired last Quarter. AWS came out still leading the pack $16.11 billion in the quarter, up almost 39% from a year ago. You can view the report here Industry Tech giants including Google, Salesforce, Okta and Slack have announced the creation of a “vendor-neutral” security baseline for businesses called ‘Minimum Viable Secure Product' (MVSP). Its a minimalistic security checklist for B2B software and business process outsourcing supplier designed to eliminate overhead, complexity and confusion during the procurement and vendor security assessment process by establishing minimum acceptable security baselines. The intention is to increase clarity reduce the onboarding and sales cycle by weeks or even months. You can view the checklist here Remote code execution vulnerability was patched by Gitlab in April 2021 however researchers from Rapid 7 recently found that the exploitations were continuing to this day, with only 21% of the instances fully patched against the issue. Gitlab strongly recommends updating to the latest version to remedy this. Read more about Rapid 7's research here and Gitlab's release here IBM has released their report - Cloud's Next Leap. They surveyed over 7000 executives in enterprise cloud adoption over 44 countries. 59% of organizations reported that digital transformation has accelerated for them through the pandemic. Not dissimilar to other reports this year, most of their respondents are also yet to fully realize cloud's full transformational power. Hybrid cloud/multicloud once again is reported to be the dominant architecture for cloud service delivery. Something rather interesting they reported on is that while many organisations are moving to the cloud, they are often moving to different versions of it.Report here For our sonic hedgehog gaming fans, Tokyo-based Sega is looking to produce large-scale, global games in a next-generation development environment built on Microsoft's Azure cloud platform. The intent is to create big-budget titles using Microsoft's know how - who also own Xbox cloud gaming tech. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    27 October, 2021 - AWS lands UK Spy Agency Contract

    Play Episode Listen Later Oct 27, 2021 5:33


    Cloud Security News this week 27 October 2021 UK's spy agencies have given a contract to AWS to host classified material. Their intention is to boost use of data analytics and artificial intelligence for espionage. The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade. The Guardian has reported that “the contract with Amazon is likely to ignite concerns over sovereignty because the UK's most secret data will be hosted by a single US tech company” - Quite the interesting comment and Cloud Security News would love to hear your thoughts on this It's also the season for Revenue announcements for Quarter 3 for our big cloud providers. Google announced this week that Google Cloud revenue jumped 45 percent to $4.99 billion in the third quarter compared to the same period last year. You can view the results here Microsoft also announced their Quarter 3 revenue for Intelligent Cloud to be $17.0 billion, an increase of 31% - You can view the results here Microsoft shared earlier this month that things remain “Business as usual for Azure customers despite 2.4 Tbps DDoS attack” in Europe. They reported that the attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region. Read the full statement from Microsoft here The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with NOBELIUM. It's quite the interesting read and the full blog can be found here. If you use discourse, a popular open source forum software, you should make sure that you update to Discourse versions 2.7.9 or later, as a security bug has been found that affects Discourse versions 2.7.8 and earlier. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    22 October, 2021 - HashiConf 2021 - The best Cloud Security Bits

    Play Episode Listen Later Oct 22, 2021 3:03


    Cloud Security News this week 22 October 2021 Hope you have been enjoying your Cloud Security News this week and in our special third instalment for this week we bring you our best bits from Hashiconf Global 2021, conference held by Hashicorp. Hashicorp is a software company who provide open source tools and products - some of their popular products Vagrant, Terraform, Vault and boundary - You can view the conference and the talks here The opening keynote was delivered by their Co-Founders Mitchell Hashimoto, Armon Dadgar, and CEO Dave McJannet - with key themes around Zero Trust, Hybrid and MultiCloud - looking to make Zero Trust more accessible for users. Mitchell Hashimoto spoke about the challenges Developers face when deploying applications with Kubernetes and how Waypoint assists with this. They also spoke about the Hashicorp Cloud Platform (HCP) and the packer service which is now in public Beta, available free to use. Some of the features highlighted included remediation, enforcing security checks and maintaining images Shane Petrich from Target in his talk “Managing Target's Secrets Platform” spoke about how Target manages and maintains its enterprise deployment of HashiCorp Vault (Hashicorp's secret management and data protection product) -- everything from unattended builds, automated maintenance activities, and client onboardings. Identity and account access is one of the first things you set up in the cloud and Austin Burdine, Mike Saraf and Yates Spearman share how Red Ventures implemented a custom Terraform solution to automate access management, meeting the requirements of various compliance frameworks Last year Hashicorp announced Boundary, their secure remote access solution. This year at Hashiconf 2021, Susmitha Girumala and Mike Gaffney from HashiCorp showcased what is new in Boundary with a demo of key capabilities of identity-based access, integrated secrets management with Vault and dynamic host catalogs. Mark Guan and Ruoran Wang from Stripe's Service Networking Team spoke about their multi-region service networking tech stack built on Consul (Hashicorp's service networking solution), how it works across AWS accounts and regions, federated multi-region clusters and on Kubernetes. They also generously shared the challenges they faced. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    21 October, 2021 - Kubecon NA 2021 - what you might miss

    Play Episode Listen Later Oct 21, 2021 3:07


    Cloud Security News this week 21 October 2021 It's a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team's favourite from Kubecon 2021 North America If you aren't quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today's episode. TUF refers to The Update Framework, SPIFFE refers to Secure Production Identity Framework for Everyone SPIFFE, SPIRE is the SPIFFE's Runtime Environment). Now that we are all across cool Kube words - lets into the talks Starting off with the talk from Andrew Martin, Co-Founder of Control Plane and Author of Hacking Kubernetes and Kubernetes Threat Modelling. He spoke about Kubernetes Supply Chain Security - he showcased work to build a Kubernetes Software Factory with Tekton and Deep dived on signing and verification approaches to securely build software with (TUF) SPIFFE, SPIRE and sigstore Ian Coldwater from Twilio; Brad Geesaman & Rory McCune from Aqua Security Duffie Cooley from Isovalent combined forces to share with the community how they do security research or hacking Kubenetes clusters using a recently discovered Kubernetes CVE (Common Vulnerability and exposure) - Their talk was called Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk Matt Jarvis from Synk shared what to do if your container has a huge number of Vulnerabilities - how to prioritise them and remediate them in his talk My Container Image has 500 Vulnerabilities, Now What? Talking about containers and Vulnerability scanning If you want to know about how vulnerability scanners work, their blind spots and how to implement a practical risk based approach to remedy vulnerabilities that really matter to your organisation - check out Pushkar Joglekar's Keeping Up with the CVEs: How to Find a Needle in a Haystack? If you find yourself asking “How do I access my S3 bucket in AWS from my GCP cluster?” Brandon Lum & Mariusz Sabath, IBM may have the answer for you in their talk Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak where they talk about a proposed shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    20 October, 2021 - Google Cloud Next 21 - All the Security Updates

    Play Episode Listen Later Oct 20, 2021 5:34


    Cloud Security News this week 20 October 2021 Google Cloud is adding new features to their zero trust access solution, BeyondCorp Enterprise which will enable identity and context-aware access to non-web applications running in Google Cloud and non-Google Cloud environments. They also claim to be making it easier for admins to diagnose access failure, triage events, and unblock users with the new Policy Troubleshooter feature. If you are familiar with XDR - which allows for Extended Detection and Response (XDR) across endpoints, networks, cloud and workspaces. Google also announced a new collaboration with Cybereason to deliver a cloud-native XDR solution . The intent is to automate prevention for common attacks, guide analysts through security operations and incident response, and enables arguably faster threat hunting. They are also enhancing the integration between Chronicle (a SaaS SIEM built on core Google infrastructure that provides security analytics at the speed) and Security Command Center (SCC) on GCP to allow for centralized alerts and investigative workflows across the two platforms, and enables threat-specific pivots by enriching SCC alerts with intelligence on associated threat actors and entities. Google is also strengthening their protection of sensitive data through Automatic DLP (data loss prevention) which is in preview and ensuring encryption of data in transit using Ubiquitous Data Encryption, External Key Management, and Cloud Storage products. Google launched a new Build Integrity feature for Cloud Build which allows to automatically generates a verifiable build manifest that includes a signed certificate describing the sources that went into the build, the hashes of artifacts used, and other parameters. For Google Workspaces they have also introduced new security features. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    14 October, 2021 - Google Cloud Next 21, Kubecon + VMworld

    Play Episode Listen Later Oct 13, 2021 4:47


    Cloud Security News this week 14 October 2021 It's an eventful month for all things cloud as Google Cloud Next 21 and Kubecon are happening this week. Ashish from Cloud Security Podcast was co-hosting the Capture the Flag today with Magno Logan from Trend Micro, you can check it out here. In next week's episode we will be bringing to you the best bits from Kubecon and Google Cloud Next 21. You can view these events virtually at the links below Google Cloud Next 21 Kubecon Google Cloud announced the launch of Google Cybersecurity Action Team, a group of experts from across Google that will form what they believe is the world's premier security advisory team. The role of this team would be to shape security transformation — from roadmap and implementation, through to responding to a major incident, to engineering new solutions. VMware also hosted their annual conference VMworld last week with a big focus on multicloud. They announced their strategy to help customers navigate the multi-cloud era with the launch of VMware Cross-Cloud services. VMware shared that the Cross-Cloud services will deliver three key advantages: an accelerated journey to the cloud, cost efficiency, flexibility and control across any cloud. You can find out more about this here and view VMworld on demand here Amazon owned gaming service Twitch has suffered a huge data leak late last week, with more than 100 gigabytes of data, reportedly taken from 6000 internal Twitch GitHub repositories.The leak has exposed list of Twitch creator payments showing several top earners on the site earned close to $10 million. Some gamers caught up in the leak have verified that the payouts are accurate. Wiz has become the fourth-most-valuable venture-backed cybersecurity company in the world, raising $250 million on a $6 billion valuation Huawei Cloud has become 2nd largest in China and 5th largest in the world according to Gartner Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    06 October, 2021 - AWS Launches Cloud Control API

    Play Episode Listen Later Oct 6, 2021 3:36


    Cloud Security News this week 06 October 2021 AWS has announced the availability of AWS Cloud Control API - a set of common application programming interfaces (APIs) that are designed to make it easy for developers to manage their AWS and third-party services. AWS Cloud Control API can be used to create, read, update, delete, and list (CRUD-L) your cloud resources that belong to a wide range of services—both AWS and third-party. You won't have to generate code or scripts specific to each individual service responsible for those resources.We have linked in the podcast notes a informative video from AWS that explains more about this The inaugural HashiCorp State of Cloud Strategy Survey with about 3200 responses has shared that multi-cloud is no longer aspirational goal but an everyday reality - with ¾ of the respondents noting that they were using 2 clouds or more, top drivers for multicloud adoption are digital transformation, avoid vendor lock in, cost reduction and scaling, many enterprises are yet to realise substantial value from their cloud investment and Cloud skills shortage still remains a major challenge Amazon, Google, Microsoft, Atlassian, CISCO, IBM, Salesforce, Slack and SAP have joined forces to establish the Trusted Cloud Principles as a commitment to protect the rights of their customers. AWS tweeted that this is to “help safeguard the interests of organizations and the basic rights of individuals using cloud services” You can view the Trusted Cloud Principles here. Orca Security has secured $550 million in Series C funding to raise their valuation to $1.8 Billion, investment was led by Temasek, an investment company he adquartered in Singapore. Orca Security has a patent-pending SideScanning™ technology that collects data directly from cloud provider APIs/ cloud configuration and the workload's runtime block storage out-of-band to detect vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured personal identifiable information. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    29 Sep, 2021 - Foggyweb Malware, New Cloud Data Framework + OWASP Top 10

    Play Episode Listen Later Sep 29, 2021 3:53


    Cloud Security News this week - 29 September 2021 Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud. The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies. The framework can be found here Microsoft has published information this week on a new malware it calls FoggyWeb which has been deployed by Russia-linked threat actors Nobelium who are said to be behind the devastating SolarWinds supply chain attack. Microsoft's published document can be found here For those of you familiar with OWASP (Open Web Application Security Project), OWASP celebrated its 20th anniversary last week with a 24-hour webinar + launched their top 10 web security vulnerabilities for 2021 updated from 2017. It worth noting that there are a few updates relevant to cloud security - broken access control has moved from #5 to #1, insecure design and server side request forgery have now been added while security misconfiguration has made it to top 5. You can read more about it here Trufflehog, a git repository scanner from Truffle Security was originally released in 2017. Recently an open source extension for chrome was released for Trufflehog that will help identify API Keys for SaaS and cloud providers that are often making their way into Javascript. Cloud Security Alliance released their The State of Cloud Security Risk, Compliance, and Misconfigurations report this month. Based on over 1000 responses from IT and security professionals. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    22 Sep, 2021 - Vulnerabilities in GCP, AWS and Amazon

    Play Episode Listen Later Sep 29, 2021 2:08


    Cloud Security News this week - 22 September 2021 AWS, Google Cloud and Azure have all been busy last few weeks fixing and patching Vulnerabilities. In addition to Azure's OMIGOD flaws which we covered in last week's episode, Google Cloud reported that some of their load balancers were routing to an Identity-Aware Proxy (IAP) enabled Backend Service which could have been vulnerable to an untrusted party. Google Cloud have confirmed that this issue has been resolved. Rhino Security Labs have discovered a vulnerability in AWS WorkSpaces, amazon's virtual desktop. Exploiting this vulnerability allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser. Rhino reported the vulnerability to Amazon and it was promptly patched. Attackers have begun to exploit critical Microsoft Azure vulnerabilities that were reported in last week's episode. The OMIGOD flaws, discovered by the Wiz Research Team have since been patched by microsoft. New data indicates that attackers are scanning the Web for Azure Linux virtual machines that are vulnerable. If successful, an attacker could become root on a remote machine. For organisations and enterprises cloud is about improved flexibility, scalability, and cost-effectiveness. For cybercriminals, Cloud is an environment filled with poorly secured enterprise data, applications, and online assets. IBM in their recently released Security X-Force Cloud Threat Landscape Report highlight increased attacker interest in the thriving black market for stolen credentials used to access enterprise accounts and resources on public cloud platforms. IBM X-Force discovered about 30,000 cloud credentials potentially available for sale on Dark Web and Prices for these credentials ranged from a few dollars to more than $15,000 per credential, based on the level of access and the amount of credit associated with an account. Report available here Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

    15 Sep, 2021 - Oracle superior to AWS? AWS Vulnerabilities Discovered and fwd:cloudsec conference held this week

    Play Episode Listen Later Sep 15, 2021 3:19


    Cloud Security News this week - 15 September 2021 Oracle Chief Technology Officer and co-founder Larry Ellison told their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think an application should talk to five or six separate databases referencing AWS' database offerings and calling it a very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers. Amazon Web Services and Microsoft lead the market with Alibaba and Google as the next closest competitors. The research team at Wiz has recently discovered four vulnerabilities in the little-known software agent called Open Management Infrastructure (OMI) that is embedded in many popular Azure services.When customers sets up a Linux virtual machine in their cloud, the OMI agent is deployed automatically when they enable certain Azure services. Without a patch, attackers can easily exploit these four vulnerabilities to escalate root or highest privileges and remotely execute malicious code. Microsoft has issued a patch to address this during their Patch Tuesday release on 14 September 2021 Last year at the Reinvent Conference Amazon unveiled Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere. Last week they announced the general availability of Amazon EKS Anywhere. It's a deployment option for Amazon EKS that enables you to easily create and operate Kubernetes clusters on premises using VMware sphere. Fully supported by AWS, Amazon EKS will enable users to automate cluster management, reduce support costs and provide the ability to view all their Kubernetes clusters, running anywhere. Tenable, best known for their IT vulnerability management, has agreed to acquire cloud-native security startup Accurics Inc. for $160 million. Accurics, founded in 2019, states that their platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. Traditionally, Tenable vulnerability management covers physical and virtual infrastructure , they made a few acquisitions in the last 2 years to extend their coverage to cloud and container in an attempt to to provide full coverage across risk identification and mitigation. fwd:cloudsec hosted their cloud security conference this week in-person and streamed live. fwd:cloudsec is a non-profit, conference on cloud security. You can view the entire conference on you tube or on their website ww.fwdcloudsec.org for discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies. This one is definitely a must attend for all things cloud security

    8 Sep, 2021 - IBM Launches Servers for Hybrid Cloud, Microsoft and Verizon bring 5G Edge Cloud Computing

    Play Episode Listen Later Sep 8, 2021 2:14


    Cloud Security News this week - 8 September 2021 Verizon, a multinational telecommunications giant and Microsoft have teamed up to bring on-prem, private 5G edge cloud computing to business. Their offer is a cloud platform that puts compute and storage services at the edge of the network at the customer premises. This has the potential to offer lower lag time and high bandwidth for demanding applications such as virtual and augmented reality and machine learning. In Australia, as part of Macquarie bank path to be 100% cloud for IT infrastructure by 2022, they are embedding a 'secure by design' ethos. Secure by design is an approach to software engineering that is about creating code that is foundationally secure. Read more about Macquarie Bank Cloud Strategy here + here The FBI sent out a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains.. Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Acces the full document on our website www.cloudsecuritypodcast.tv - FBI Document here Lenovo has launched Global Everything-as-a-Service Strategy, bringing all of its as-a-Service offerings under one umbrella that makes everything from the pocket to the cloud available via a single contract framework. Read more about it here IBM has launched new generation of IBM Power servers for frictionless, scalable hybrid cloud. The new IBM Power10 processors are designed specifically for hybrid cloud environments. In a statement IBM has stated that the servers come with security enhancements and Red Hat hybrid cloud capabilities. The servers are meant to respond faster to business demands, protect data from core to cloud, streamline insights and automation and maximize availability and reliability.

    1 Sep, 2021 - Microsoft warns thousands of cloud customers of exposed databases

    Play Episode Listen Later Sep 1, 2021 2:12


    Cloud Security News this week - 1 Sep, 2021 Last Thursday, on the 26th of August 2021 - Microsoft warned thousands of its cloud computing customers, including some of the world's largest companies. that hackers could have the ability to read, change or even delete their main databases. This is due to a vulnerability in the Jupyter Notebook Feature in Microsoft Azure's flagship Cosmos database. Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. AWS has announced the release of AWS Backup Audit Manager a new feature that allows you to audit and report on the compliance of your data protection policies. AWS claims that it provides built-in compliance controls and allows you to customize those controls to define your data protection policies. Google Cloud has recently released on demand vulnerability scanning. Google claims that this will allow checking for vulnerabilities earlier in development. This new feature checks for vulnerabilities both in locally stored container images and images stored within GCP registries. A $2000 bug bounty has been claimed by researcher Robert Heaton, who was able to find a vulnerability in Bumble, a dating app which has more than 100 million users worldwide. By learning how Bumble's application programming interface (API) works the researchers found a way to pinpoint users' exact location, bypassing the safeguards in the app designed to prevent this. Lacework, a data driven security platform has released their quarterly cloud threat report. The report stated that Last year alone, cybercrime and ransomware attacks cost companies $4 billion in damages. They identified a rising demand for access to cloud accounts along with continued increases in scanning and probing of storage buckets, databases, orchestration systems, and interactive logins. Follow us on @CloudSecPod You may also like Cloud Security Podcast

    25 Aug, 2021 - AWS Re:inforce CANCELLED, AWS Launches Partner Program. Microsoft Protests NSA Contract

    Play Episode Listen Later Aug 25, 2021 1:49


    Cloud Security News this week - 25 Aug, 2021 AWS is launching a new partner competency for managed security service providers (MSSPs) which will make their cloud software solutions and services available in the AWS Marketplace. AWS are coining this an industry first + designed to help partners differentiate themselves in a crowded security market Default Permissions on Microsoft Power Apps, a cloud-hosted suite of services that allows organizations to create business intelligence applications has exposed 38 million records. This was discovered by an upguard analyst that Open data protocol API is enabled by default AWS Cancelled re:Inforce Security Conference In Houston Due To COVID-19 and held, A scaled-down, free version of the event was held virtually on Aug. 24 Microsoft has protested a $10B NSA Cloud Contract Awarded To AWS. A google cloud news a bit closer to home, Google's newest cloud region, in Melbourne, Australia, which launched just a month ago on 25 July. went down for 1 hour and 30 minutes due to 'transient voltage' issues that rebooted network hardware. Follow us on @CloudSecPod You may also like Cloud Security Podcast

    Cloud Security News Trailer

    Play Episode Listen Later Aug 25, 2021 0:20


    Welcome to Cloud Security News, your weekly digest of what you need to know in the world of Cloud Security. We do the hard work for you, so you are always across the important bits. Brought to you by the team behind the much loved Cloud Security Podcast Links Cloud Security Podcast

    Claim Cloud Security News

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel