Cloud Security News this week 14 July 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 30 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 23 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The vulnerability discovered that there is a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. . You can read more about this vulnerability here Duo Sreeram KL and Sivanesh Ashok found a SSRF Vulnerability in GCP, which when exploited could make users click onto a malicious URL allowing attacks to gain control of an authorisation token and the user’s GCP projects. CircleCI delivered and have released an incident report which details what happened, how to know if you were impacted, what may help your teams, what they learnt and what they will do next. Corsha, which is API Identity and Access Management software company has released a report - It’s Time To Get Honest About Secrets Management Corsha State of API Secrets Management Report, 2023. Orca security have reported that they found instances where different services were vulnerable to a (you guessed it) Server Side Request Forgery (SSRF) attack. They shared that 2 of the vulnerabilities did not require authentication, meaning that they could be exploited without even having an Azure account.The vulnerabilities were found in Azure Twin Explorer, Azure Functions, Azure API Management Service and Azure Machine Learning Service. You can read their blog here to find out more Techcrunch has reported this week that Dell has acquired an israeli cloud orchestration startup Cloudify for allegedly $100M. Cloudify helps with the management of containers and workloads across hybrid environments. Dell has not publically mad this announcement but Techcrunch has shared that they notice a form they have lodged to indicate this.
Cloud Security News this week 14 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News According to recent study published by IEEE which I found interesting (which is the Institute of Electrical and Electronics Engineers around since 1963 apparently), “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industrial Internet of Things (IIoT) (33%) will be the five most important areas of technology of 2023” Late December, a security engineer at CircleCI received an email notification about a potential attack on his CircleCI account thanks to an AWS CanaryToken placed by him. On Jan 4th, CircleCI advised to rotate any and all secrets stored in CircleCI and published a blog outlining the various ways to do it. AWS announced on 5 Jan 2023, that Amazon S3 will now automatically apply server-side encryption for each new object. This has been welcomed by AWS users as a good compliance tick and also would assist with those pesky S3 bucket breaches which are still all too common. Unit 42 researchers from Palo Alto Networks recently released a report about Automated Libra, the cloud threat actor behind the freejacking campaign PurpleUrchin, reporting that they had created more than 130,000 accounts on free or limited-use cloud platforms such as Heroku and GitHub. Google has released reports sharing that API endpoints are increasing under attack mostly (no surprises here) due to API misconfigurations. According to their reports, many companies are intending to expand their real-time monitoring of API servers and using (AI/ML) systems to better discover flaws and detect attacks.
Cloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 16 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 9 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 2 March 2022 Brought you by Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 16 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google’s Cybersecurity Action Team has released Threat Horizon’s report this month. The report can be accessed here Staying in theme with Google Cloud (which also happens to be our theme for this month at Cloud Security Podcast). This week they have reported a low severity vulnerability in the Linux kernel's function. The attack uses unprivileged user namespaces and under certain circumstances this vulnerability can be exploitable for container breakout. You can find out more about this vulnerability here. Azure has announced Azure Payment HSM in preview in East US and North Europe. You can find out more about it here. Cloud Security Alliance’s Technology and Cloud Security Maturity report. You can read the entire report here. Have you heard about the Internet Society or ISOC? Its one of the oldest global nonprofit with a goal of keeping the Internet as a force for good: open, globally connected, secure, and trustworthy. The researchers at Clario recently discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details belonging to ISOC members. A blob container named ISOC contained millions of json files that were structured to include login, password and email. Clario reported this to ISOC and the repository was subsequently secured. ISOC also confirmed that they have not seen any instances of malicious access to member data as a result of this issue. You can read more about this here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 09 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud has released the Virtual Machine Threat Detection tool as part of their Security Command Center for Premium customer. According to Google’s blog this “is a first-to-market detection capability from a major cloud provider that provides agentless memory scanning to help detect threats like cryptomining malware inside your virtual machines running in Google Cloud.” For those familiar with AWS Guardduty, how does this compare - share with us on linkedin, twitter or on our website. You can read Google Cloud’s announcement here. Being a Cloud Security Enthusiast, you are probably familiar with the Cloud Security Alliance, they are well known for defining standards, certifications, and best practices for security cloud environments. This week they have released DevSecOps - Pillar 4 Bridging Compliance and Development as part of the DevSecOps Six Pillars series. This document focuses on how compliance can be automated and better relate to security requirements. You can access the full document here. We would love to hear your thoughts about this pillar, so please share your views on www.cloudsecuritypodcast.tv Security Researcher Harsh Jaiswal received a bounty award of $17,576 for whats been described as a “pretty simple” but critical SSRF related to HelloSign’s Google Drive Docs export feature.You can read more about the security team’s response here and the vulnerability report here. Cloudflare, a Silicon Valley provider of content delivery network (CDN) and DDoS mitigation services has launched a public bug bounty program, further to their invite-only program in place since 2018. You can find out more about the program here Tenable, a popular product for vulnerability scanning, has announced new features to their cloud native application security program, Tenable.cs. You can find our more about tenable and tenable.cs here. Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters. You can read more about this here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Cloud Security News this week 02 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud have reported that 3 security vulnerabilities have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.Google have shared that these vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu). Pods using GKE Sandbox are not vulnerable to these vulnerabilities. You can find out more about it here. Safety detectives uncovered and reported on a misconfigured AWS S3 bucket that exposed over 1 million files - “The data we observed related to airport employees from different sites across Colombia and Peru, and there could be entities from other nations with exposed data on the bucket.” The full report can be viewed here. Salesforce now requires all customers to use multi-factor authentication MFA in order to access Salesforce products. It's one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers' data. Let us know what you think of this change and more on this can be found here. Markets and Markets has shared that the “global cloud security market size is expected to grow from USD 40.8 billion in 2021 to USD 77.5 billion by 2026”. You can find out more here Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding bringing their funding to date to $71 million. In a company blog CEO, Rakesh Narasimhan shared that the new funding is a significant milestone in accelerating their mission to provide the most innovative cloud security, compliance automation, and cloud security posture management (CSPM) platforms that enable enterprises of all sizes with the fastest path to security and compliance in the cloud. You can find out more about them here. Check Point has acquired Spectral, an Israeli startup who have developer-first security tools designed by developers for developers. With this acquisition, Check Point extends its cloud solution, Check Point CloudGuard, with developer-first security platform, to provide a range of cloud application security use cases including Infrastructure as Code (IaC) scanning and hardcoded secrets detection. Find out more here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast:
Cloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.” Read more about this here. Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here Vulnerability in AWS’s cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here Sysdig’s platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 12 Jan 2022 UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a handful of cloud providers. A lot of major British banks have partnerships with cloud providers “AWS has announced deals with Barclays and HSBC, while Lloyd Banking Group holds partnerships with Google Cloud and Microsoft Azure.”. There is an increasing concerns about the impacts on the banks should these cloud providers experience outages. You can view the financial times article here Speaking of regulators and how they are dealing with cloud providers, a few weeks ago in December Chinese regulators have “suspended an information-sharing partnership with Alibaba Cloud Computing” over concerns that it failed to promptly report and address a cybersecurity vulnerability. According to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology “Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator”.This comes after, according to Reuters “The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.” From what we understand, there is no statement from Alibaba Cloud on this yet. You can read more about this here. Gartner's Report can be found here. Redhat's Report can be found here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 5 Jan 2022 Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this here Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”. They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog here. Back in 2019 you probably heard about Autom Attack which targeted misconfigured docker APIs to gain network entry to set up a backdoor on the compromised host to do cryptomining. This cryptomining campaign has evolved in the last 3 years to improve on their defense evasion tactics to fly under the radar and avoid detection. You can see the blog and their findings here. SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. Security Researcher Aaron Phillips with VPN Overview worked with SEGA Europe to secure the exposed data. You can view the full report here Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. You can read more about the findings here and threatpost report here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year, we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield, Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets, you can now use EventBridge to build applications that react quickly and efficiently to changes in your S3 objects. This will deliver responses to potential Events/incidents of interest in a faster, more reliable, and in a more developer-friendly way than ever. More on this here If you use AWS Control Tower and care about Data Residency, now you will be able to apply Preventive and detective controls that prevent provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower. This means that content cannot be created or transferred outside of your selected Regions at the infrastructure level. More on this here They have announced Amazon VPC IP Address Manager (IPAM), a new feature that provides network administrators with an automated IP management workflow.making it easier to organize, assign, monitor, and audit IP addresses in at-scale networks. More on this here new feature.” Amazon VPC Network Access Analyzer. In contrast to manual checking of network configurations, which is error-prone and hard to scale, this tool lets you analyze your AWS networks of any size and complexity. You can get started with a set of Amazon-created scopes, and then either copy & customize them, or create your own from scratch. More on this here A new Amazon S3 Object Ownership setting and the Amazon S3 console policy editor. More on the Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about. Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell’ and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10. The zero-day had been exploited at least nine days before it surfaced on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4J, versions 2.0 to 2.14.1.at risk. This impacts cloud services, developer services, security devices, mapping services, and more. AWS has released details on how the flaw impacts its services and said it is working on patching its services that use Log4j and has released mitigations for services like CloudFront. This can be viewed here. Microsoft has also released Guidance for preventing, detecting, and hunting for Log4j exploitation here and Google cloud is also “is actively following the security vulnerability” and has released recommendations for investigating and responding to the Apache “Log4j 2” vulnerability here IBM said it is "actively responding" to the Log4j vulnerability across IBM's own infrastructure and its products, can be found here and Oracle has issued a patch too here. There is a comprehensive list of all known softwares vulnerable and not vulnerable to LogShell is available on GitHub along with any known fixes. Here This vulnerability is being exploited to install malware, crypto mining, perform DDOS attacks, drop Cobalt Strike beacons, scan for vulnerable servers and exfiltrate information. To finish on a note other log4J - Have you heard about Dazz? Well if you haven't, they are a one-year old cloud security remediation startup that recently closed another round of funding and raised 60 million dollars. Dazz is looking to automate cloud security through their AI driven product in a developer friendly way. You can find out more about them hereEpisode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 24 November 2021 CSA recently announced that they have now had 1500 Cloud services evaluated across to the STAR registry principles. According to CSA, by publishing to the registry organizations can show current and potential customers their security and compliance posture which may prevent the need for them to complete multiple security questionnaires. You can find more information about CSA and STAR registry here Security researcher Schütz was rewarded a $4,133 bounty by the Google Vulnerability Rewards Program for his Google Internal API vulnerability discovery. Google has now fixed this bug. You can read more about this here and the Schütz has documented his discovery here Palo Alto Networks - a well known cybersecurity Vendor - Their Chairman and CEO Nikesh Arora told investors that they are “18-to-24 months ahead from a competitive platform perspective”. There a few exciting players in the Cloud Security Market right now and you can read more about this here You can also find more about Palo Alto, Orca Security, Wiz and Lacework on the links Lacework, they have recently raised $1.3 billion in fresh capital at a valuation of $8.3 billion, making this one of the largest venture funding rounds of the year in the United States. Nasdaq covered a bit more about this here. In comparison Orca Security raised $550 million in Series C funding to raise their valuation to $1.8 Billion and Wiz raised $250 million on a $6 billion valuation Clubhouse, an audio based chatroom launched in 2020 which gained popularity during the pandemic has launched a BugBounty program on HackerOne. The scope of the Bounty includes their API and websites. The program has upto $3000 on offer for any critical vulnerabilities reported. You can find more about the program here Using a compromised password, an unauthorised third party has managed to infiltrate GoDaddy’s systems affecting atleast 1.2 million users. Along with usernames, passwords and emails, the attackers also gained access to SSL private keys for a subset of users. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Security News this week 17 November 2021 According to a research by Trend Micro, Elastic Computing Service (ECS) instances for Alibab Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provides root access/ privileged control by default. There is a detailed article attached about this here JupiterOne (a Cyber Asset Management Platform ) and Cisco have announced the launch of Secure Cloud Insights, an expanded cloud security and security operations partnership designed to provide businesses with a range of cybersecurity services. This new solution is aimed at helping Cisco customers achieve a higher level of maturity with their digital transformation and security program. CEO of Jupiter One, Erkang Zheng calls it a game changing offering - that would provide increased visibility, efficiency, and speed to security operations, with combined context from situational awareness and structural data. We would be curious to know if you think the same. Those familiar with Palo Alto and their core cloud-security package, Prisma may be intrigued to know that they have launched Prisma 3.0. Truffle Security has released an open source hacking tools called Driftwood designed to discover leaked, paired private and public keys which may be harmful. Driftwood builds upon Truffle Hog and is available on Github. Truffle Security in their blog which is shared here. stated that With this tool they found the private keys for hundreds of Transport Layer Security certificates, and Secure Shell keys that would have allowed an attacker to compromise millions of endpoints/devices. The Federal government is going from a “Cloud First” to a “Cloud Smart” strategy to leverage cloud without compromising security. They quoted that “Cloud Smart is about equipping agencies with the tools and knowledge they need to make these decisions for themselves, rather than a one-size-fits-all approach.The shift will be from “buy before build” to “solve before buy,”. Under security they added that “Successfully managing cloud adoption risks requires collaboration” leaning into that shared responsibility model we hear often about with Cloud Security. The link to the document is here Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy: