cloud security - Security Ticks

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data

Azure, cloud security, healthcare / SecurityTicks

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data 2024-08-14 at 18:16 By Eduard Kovacs Azure Health Bot Service vulnerabilities found by Tenable could have been exploited for lateral movement and may have allowed customer data exposure. The post Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data appeared first on SecurityWeek. This article is […]

React to this headline:

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data Read More »

Scout Suite: Open-source cloud security auditing tool

Alibaba Cloud, auditing, AWS, Azure, cloud security, Don't miss, GitHub, Google Cloud, Hot stuff, NCC Group, News, open source, software / SecurityTicks

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

React to this headline:

Scout Suite: Open-source cloud security auditing tool Read More »

Misconfigurations and IAM weaknesses top cloud security concerns

access management, cloud computing, cloud security, Cloud Security Alliance, CSP, cybersecurity, News, report, supply chain / SecurityTicks

Misconfigurations and IAM weaknesses top cloud security concerns 2024-08-12 at 06:02 By Help Net Security Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. Misconfigurations, IAM weaknesses, and API risks remain critical

React to this headline:

Misconfigurations and IAM weaknesses top cloud security concerns Read More »

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

Account Takeover, AWS, Cloud, cloud security / SecurityTicks

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers 2024-08-08 at 13:31 By Eduard Kovacs AWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts. The post AWS Patches Vulnerabilities Potentially Allowing Account Takeovers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers Read More »

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

Artificial Intelligence, AWS, cloud security, Honeypot, MadPot, Mithra, Threat Intelligence / SecurityTicks

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains 2024-08-06 at 00:01 By Ryan Naraine AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains. The post AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious

React to this headline:

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains Read More »

Microsoft Says Azure Outage Caused by DDoS Attack Response

Azure, cloud security, DDoS, Featured, Microsoft, outage / SecurityTicks

Microsoft Says Azure Outage Caused by DDoS Attack Response 2024-07-31 at 16:06 By Eduard Kovacs Microsoft’s response to a DDoS attack on Azure amplified the impact of the attack instead of mitigating it, causing outages. The post Microsoft Says Azure Outage Caused by DDoS Attack Response appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Microsoft Says Azure Outage Caused by DDoS Attack Response Read More »

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’

CISA, CISO Strategy, cloud security, CSRB, Google Cloud, Government, Regulations / SecurityTicks

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ 2024-07-30 at 18:48 By Ryan Naraine SecurityWeek fireside chat: Google Cloud CISO on CISA’s secure-by-design initiatives, government regulations, holding vendors accountable, and transformational security leadership. The post Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ appeared first on SecurityWeek. This article is an

React to this headline:

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ Read More »

Selenium Grid Instances Exploited for Cryptomining

cloud security, Selenium / SecurityTicks

Selenium Grid Instances Exploited for Cryptomining 2024-07-29 at 13:01 By Eduard Kovacs Wiz has detailed SeleniumGreed, a campaign in which threat actors target exposed Selenium Grid instances for cryptomining. The post Selenium Grid Instances Exploited for Cryptomining appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Selenium Grid Instances Exploited for Cryptomining Read More »

Enhancing threat detection for GenAI workloads with cloud attack emulation

Cloud, cloud security, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Mitigant, News, opinion, threat detection / SecurityTicks

Enhancing threat detection for GenAI workloads with cloud attack emulation 2024-07-29 at 08:01 By Help Net Security Cloud GenAI workloads inherit pre-existing cloud security challenges, and security teams must proactively evolve innovative security countermeasures, including threat detection mechanisms. Traditional cloud threat detection Threat detection systems are designed to allow early detection of potential security breaches;

React to this headline:

Enhancing threat detection for GenAI workloads with cloud attack emulation Read More »

Cirrus: Open-source Google Cloud forensic collection

cloud security, computer forensics, cybersecurity, digital forensics, Don't miss, GitHub, Hot stuff, News, open source, software, Sygnia / SecurityTicks

Cirrus: Open-source Google Cloud forensic collection 2024-07-29 at 07:16 By Mirko Zorz Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization’s security posture. Key features

React to this headline:

Cirrus: Open-source Google Cloud forensic collection Read More »

Cloud security threats CISOs need to know about

AlgoSec, Artificial Intelligence, cloud security, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, Incident Response, News, opinion, vulnerability management / SecurityTicks

Cloud security threats CISOs need to know about 2024-07-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API

React to this headline:

Cloud security threats CISOs need to know about Read More »

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018

AuthZ bypass, cloud security, CVE-2024-41110, CVSS 10, Docker, Docker Engine, Vulnerabilities / SecurityTicks

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 2024-07-25 at 02:31 By Ryan Naraine The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 appeared first on SecurityWeek. This article

React to this headline:

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 Read More »

Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech

Artificial Intelligence, cloud security, Cyberstarts, Dazz, Funding/M&A, Greylock Partners / SecurityTicks

Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech 2024-07-24 at 22:01 By Ryan Naraine The new financing brings the total raised by Dazz to $110 million as investors double down on bets in the cloud security remediation space. The post Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech appeared first on

React to this headline:

Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech Read More »

Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks

Artificial Intelligence, cloud security, Funding/M&A, seed-stage, Zest Security / SecurityTicks

Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks 2024-07-24 at 22:01 By Kevin Townsend Zest Security emerged from stealth with $5 million funding and an AI-powered platform that resolves the root source of risk in the cloud. The post Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks appeared first on SecurityWeek.

React to this headline:

Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks Read More »

SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access

AI, Artificial Intelligence, cloud security, SAP, vulnerability / SecurityTicks

SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access 2024-07-18 at 18:01 By Eduard Kovacs SAP patches AI Core vulnerabilities allowing attackers to access customer data and take over the service. The post SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access Read More »

Signatures should become cloud security history

cloud security, cybersecurity, Don't miss, Hot stuff, open source, RAD Security, standards, threat detection, Video / SecurityTicks

Signatures should become cloud security history 2024-07-18 at 06:01 By Help Net Security It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source

React to this headline:

Signatures should become cloud security history Read More »

Virtual Event Today: Cloud & Data Security Summit | 2024

cloud security, event / SecurityTicks

Virtual Event Today: Cloud & Data Security Summit | 2024 2024-07-17 at 14:16 By Mike Lennon Join us as we explore the latest trends in the world of SaaS security, cyberattacks against cloud infrastructure, data security posture management (DSPM), and the hype and promise of AI and LLM technologies. The post Virtual Event Today: Cloud

React to this headline:

Virtual Event Today: Cloud & Data Security Summit | 2024 Read More »

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report

cloud security, DSPM, Funding/M&A, Google, Wiz / SecurityTicks

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report 2024-07-14 at 22:55 By SecurityWeek News Google’s parent company Alphabet is reportedly in advanced talks to acquire the hotshot Israeli data security startup. The post Google in Advanced Talks to Buy Wiz for $23B: WSJ Report appeared first on SecurityWeek. This article is an

React to this headline:

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report Read More »

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers

account protection, AT&T, attacks, cloud security, cybercrime, data breach, Don't miss, Hot stuff, News, Privacy, Snowflake / SecurityTicks

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers 2024-07-12 at 15:31 By Zeljka Zorz Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the content

React to this headline:

Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Read More »

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach

account protection, cloud security, data breach, Don't miss, enterprise, Hot stuff, MFA, News, Snowflake / SecurityTicks

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach 2024-07-12 at 14:46 By Zeljka Zorz Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney

React to this headline:

Info of 2,3+ million individuals stolen in Advance Auto Parts data breach Read More »