cloud security
Malware that spreads via Redis now capable of deploying ransomware
P2Pinfect now able to deploy ransomware and crypto miner payloads.
AWS
AWS overhauls IAM control plane after vulnerability exposed users
Datadog suggests AWS Amplify users conduct "an audit of your roles and potential threat activity" after investigation.
AWS
AWS took 6 months to fix Security Token Service bug - IAM policy simulator inadequate, says Stedi
"No system is infallible. Sometimes, it is AWS..."
Kubernetes
A NASDAQ-listed firm left its Kubernetes clusters perilously exposed. 1,000+ have fallen into the same trap. Here’s why
Google says "we've taken several steps to reduce the risk of users making authorization errors with the Kubernetes built-in users and groups, including..."
News
Google talks up AI, security for cloud
Google unveiled a series of AI-centric features for its various cloud offerings, with security in particular being a focus
cloud security
Reimagining cloud-native security for developers and platform owners
Even with ‘traditional’ configuration of resources in the cloud - and Kubernetes becomes a more extreme example of this – what is crystal clear is that security cannot stay outside of the development and DevOps teams."
Azure
Microsoft admits “insecure pattern” in Azure AD exposed customers to risk of data loss, account takeover
"The risk is mainly with multi-tenant applications where this misconfiguration could result [in] account and privilege escalation" -- here's what you need to do.
Cybersecurity
Cryptojacking: Low Risk for Them, High Cost for You
With harvested credentials some groups spun up additional resources until they exhausted the credit cards on file...
Cybersecurity
Novel cloud attack pivoted from K8s to Lambda, pulled IAM keys from Terraform
A recent attack tracked by researchers at cloud security company Sysdig saw the attackers use an exposed Kubernetes container to move laterally to the victim’s AWS account – gaining initial access by exploiting a public-facing service in a self-managed Kubernetes cluster hosted inside an AWS cloud account. The company'
Cybersecurity
Pentagon CIOs slapped over cloud security by auditors days before 3TB of emails exposed
Days before the exposure this week of over three terabytes of military emails owing to misconfigured Azure services, the US Department of Defense (DoD)’s Inspector General had warned Pentagon CIOs that their teams were not properly reviewing documentation designed to ensure military cloud security – and running systems with unmitigated
Cloud
Oracle Cloud the latest to be exposed by Wiz for tenant isolation failure
Oracle fixed the vulnerability "extraordinarily quickly" in July, but it is unclear when it was introduced
Cybersecurity
Industry gets a year more to implement strict new UK telco security rules
Strong new requirements for cloud providers and network security on their way.