cloud computing

Misconfigurations and IAM weaknesses top cloud security concerns

access management, cloud computing, cloud security, Cloud Security Alliance, CSP, cybersecurity, News, report, supply chain /

Misconfigurations and IAM weaknesses top cloud security concerns 2024-08-12 at 06:02 By Help Net Security Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. Misconfigurations, IAM weaknesses, and API risks remain critical […]

React to this headline:

Loading spinner

Misconfigurations and IAM weaknesses top cloud security concerns Read More »

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, News, virtualization, VMWare, vulnerability /

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) 2024-06-18 at 12:16 By Zeljka Zorz VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially

React to this headline:

Loading spinner

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) Read More »

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

AWS, Cisco, cloud computing, Don't miss, Google Cloud, Hot stuff, Intel, logging, News, open source, Sumo Logic, Tenable, Trend Micro, VMWare, vulnerability /

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About

React to this headline:

Loading spinner

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

Embracing offensive cybersecurity tactics for defense against dynamic threats

bug bounty, cloud computing, cybersecurity, Don't miss, Features, Hot stuff, opinion, penetration testing, red team, regulation, SIX, strategy, Threat Intelligence /

Embracing offensive cybersecurity tactics for defense against dynamic threats 2024-01-11 at 07:02 By Mirko Zorz In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. What are the critical steps in creating effective offensive security

React to this headline:

Loading spinner

Embracing offensive cybersecurity tactics for defense against dynamic threats Read More »

4 warning signs that your low-code development needs DevSecOps

automation, cloud computing, code, Compliance, Copado, cybersecurity, DevSecOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, product testing /

4 warning signs that your low-code development needs DevSecOps 14/11/2023 at 09:31 By Help Net Security Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will start hitting speed bumps that eventually become roadblocks. If your

React to this headline:

Loading spinner

4 warning signs that your low-code development needs DevSecOps Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

Cybersecurity workforce shortages: 67% report people deficits

Artificial Intelligence, cloud computing, cybersecurity, Don't miss, Hot stuff, ISC2, machine learning, News, professional, report, skill development, strategy, zero trust /

Cybersecurity workforce shortages: 67% report people deficits 02/11/2023 at 09:02 By Help Net Security The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2. While this is the highest workforce ever recorded, the report shows that demand is still outpacing the supply. The cybersecurity

React to this headline:

Loading spinner

Cybersecurity workforce shortages: 67% report people deficits Read More »

The hidden costs of Java, and the impact of pricing changes

Azul, Cloud, cloud computing, CVE, cybersecurity, Java, Log4j, News, open source, Oracle, report, survey /

The hidden costs of Java, and the impact of pricing changes 01/11/2023 at 07:01 By Help Net Security An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including

React to this headline:

Loading spinner

The hidden costs of Java, and the impact of pricing changes Read More »

High-business-impact outages are incredibly expensive

Cloud, cloud computing, cybersecurity, data, data analysis, Don't miss, Hot stuff, New Relic, professional, software, Video /

High-business-impact outages are incredibly expensive 05/10/2023 at 07:01 By Help Net Security In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs. 32% of respondents to a recent

React to this headline:

Loading spinner

High-business-impact outages are incredibly expensive Read More »

What AppSec and developers working in cloud-native environments need to know

Application Security, Backslash Security, cloud computing, containers, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IaaS, microservices, News, opinion, serverless, software /

What AppSec and developers working in cloud-native environments need to know 20/09/2023 at 08:05 By Help Net Security All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, making them creators and distributors

React to this headline:

Loading spinner

What AppSec and developers working in cloud-native environments need to know Read More »

Access control in cloud-native applications in multi-location environments (NIST SP 800-207)

Cloud, cloud computing, cloud security, News, NIST, strategy, tips, zero trust /

Access control in cloud-native applications in multi-location environments (NIST SP 800-207) 14/09/2023 at 11:47 By Help Net Security NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.” Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and

React to this headline:

Loading spinner

Access control in cloud-native applications in multi-location environments (NIST SP 800-207) Read More »

Lack of visibility into cloud access policies leaves enterprises flying blind

access management, authentication, cloud computing, cloud security, Compliance, cybersecurity, identity, News, passwordless, Privacy, report, Strata Identity /

Lack of visibility into cloud access policies leaves enterprises flying blind 24/08/2023 at 06:00 By Help Net Security Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity. Cloud security

React to this headline:

Loading spinner

Lack of visibility into cloud access policies leaves enterprises flying blind Read More »

Maintaining consistent security in diverse cloud infrastructures

CISO, Cloud, cloud computing, cloud security, cyber resilience, cybersecurity, DevOps, Don't miss, Features, Hot stuff, misconfiguration, Mitigant, monitoring, News, opinion, training /

Maintaining consistent security in diverse cloud infrastructures 22/08/2023 at 07:01 By Mirko Zorz As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and

React to this headline:

Loading spinner

Maintaining consistent security in diverse cloud infrastructures Read More »

Attackers can turn AWS SSM agents into remote access trojans

AWS, cloud computing, cloud security, Don't miss, enterprise, Hot stuff, Mitiga, News, Remote Access Trojan, research /

Attackers can turn AWS SSM agents into remote access trojans 02/08/2023 at 16:02 By Zeljka Zorz Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and

React to this headline:

Loading spinner

Attackers can turn AWS SSM agents into remote access trojans Read More »

Cloud security: Sometimes the risks may outweigh the rewards

Akamai, Cloud, cloud computing, cloud security, cybersecurity, Don't miss, Expert analysis, Hot stuff, News, opinion, vulnerability /

Cloud security: Sometimes the risks may outweigh the rewards 03/07/2023 at 07:32 By Help Net Security Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across

React to this headline:

Loading spinner

Cloud security: Sometimes the risks may outweigh the rewards Read More »

Scroll to Top