cloud security

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers

cloud security, CVE-2024-29990, Kubernetes, Microsoft, Patch Tuesday, Vulnerabilities /

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers 2024-04-09 at 22:02 By Ryan Naraine Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters. The post Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

React to this headline:

Loading spinner

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers Read More »

Confidential VMs Hacked via New Ahoi Attacks

Amd, Cloud, cloud security, Intel, virtualization /

Confidential VMs Hacked via New Ahoi Attacks 2024-04-08 at 17:01 By Eduard Kovacs New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Confidential VMs Hacked via New Ahoi Attacks Read More »

Cloud Threat Detection Firm Permiso Raises $18 million

cloud security, Cybersecurity Funding, funding /

Cloud Threat Detection Firm Permiso Raises $18 million 2024-04-04 at 15:33 By Kevin Townsend Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. The post Cloud Threat Detection Firm Permiso Raises $18 million appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Cloud Threat Detection Firm Permiso Raises $18 million Read More »

Microsoft’s Security Chickens Have Come Home to Roost

China APT, cloud security, CSRB, Government, M365, Microsoft, Nation-State /

Microsoft’s Security Chickens Have Come Home to Roost 2024-04-04 at 13:16 By Ryan Naraine News analysis:  SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft’s Exchange Online hack and isn’t at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft’s Security Chickens Have Come Home to Roost Read More »

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack

cloud security, Data Breaches, Featured, Incident Response /

Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack 2024-04-03 at 16:16 By Associated Press Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. The post Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity

React to this headline:

Loading spinner

Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack Read More »

Cloud Active Defense: Open-source cloud protection

cloud security, Don't miss, GitHub, Hot stuff, News, open source, software /

Cloud Active Defense: Open-source cloud protection 2024-04-02 at 07:31 By Mirko Zorz Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it at no cost

React to this headline:

Loading spinner

Cloud Active Defense: Open-source cloud protection Read More »

Webinar Today: How to Reduce Cloud Identity Risk

Cloud, cloud security, Webinar /

Webinar Today: How to Reduce Cloud Identity Risk 2024-03-26 at 18:46 By SecurityWeek News Please the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities. The post Webinar Today: How to Reduce Cloud Identity Risk appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Webinar Today: How to Reduce Cloud Identity Risk Read More »

Greylock Makes $10M Bet on Bedrock Security

Artificial Intelligence, Bedrock Security, cloud security, Funding/M&A, generative AI, Greylock Partners, seed-stage /

Greylock Makes $10M Bet on Bedrock Security 2024-03-26 at 17:01 By Ryan Naraine Silicon Valley startup deposits $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI technologies. The post Greylock Makes $10M Bet on Bedrock Security appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Greylock Makes $10M Bet on Bedrock Security Read More »

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

cloud security /

Vulnerability Allowed One-Click Takeover of AWS Service Accounts 2024-03-21 at 15:46 By Eduard Kovacs AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.  The post Vulnerability Allowed One-Click Takeover of AWS Service Accounts appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Vulnerability Allowed One-Click Takeover of AWS Service Accounts Read More »

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

cloud security, Kubernetes, Vulnerabilities /

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints 2024-03-14 at 14:01 By Ionut Arghire A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints. The post Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints Read More »

The most concerning risks for 2024 and beyond

Artificial Intelligence, attacks, burnout, cloud security, Compliance, cybersecurity, Don't miss, generative AI, Hot stuff, Incident Response, Ransomware, risk, Tanium, Video /

The most concerning risks for 2024 and beyond 2024-03-13 at 07:13 By Help Net Security In this Help Net Security video, Melissa Bischoping, Director, Endpoint Security Research at Tanium, discusses the most concerning risks for 2024 and beyond, from both an internal and external perspective. The post The most concerning risks for 2024 and beyond

React to this headline:

Loading spinner

The most concerning risks for 2024 and beyond Read More »

New Open Source Tool Hunts for APT Activity in the Cloud

APT, cloud security, open source /

New Open Source Tool Hunts for APT Activity in the Cloud 2024-03-11 at 12:47 By Ionut Arghire The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

New Open Source Tool Hunts for APT Activity in the Cloud Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software /

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

React to this headline:

Loading spinner

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth

cloud security, Cybersecurity Funding /

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth 2024-03-06 at 17:36 By Kevin Townsend Sweet Security announces a $33 million Series A funding round just six months after emerging from stealth with an initial $12 million seed funding. The post Cloud Security Firm Sweet Security Raises $33 Million, 6

React to this headline:

Loading spinner

Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth Read More »

CrowdStrike to Acquire Flow Security

cloud security, CrowdStrike, Data Protection, Featured /

CrowdStrike to Acquire Flow Security 2024-03-06 at 05:03 By SecurityWeek News CrowdStrike says the acquisition of Flow Security will expand its cloud security capabilities with Data Security Posture Management. The post CrowdStrike to Acquire Flow Security appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

CrowdStrike to Acquire Flow Security Read More »

Axonius Banks $200 Million in Late-Stage Funding 

Accel, attack surface management, Axonius, cloud security, Funding/M&A, Lightspeed Ventures /

Axonius Banks $200 Million in Late-Stage Funding  2024-03-05 at 16:52 By Ryan Naraine Axonius has raised approximately $600 million since 2017 and is considered one of cybersecurity’s so-called unicorns with a valuation of $2.6 billion. The post Axonius Banks $200 Million in Late-Stage Funding  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Axonius Banks $200 Million in Late-Stage Funding  Read More »

How organizations can navigate identity security risks in 2024

access management, authentication, CISO, cloud security, cybersecurity, Don't miss, Features, Hot stuff, hybrid IT, identity management, News, opinion, SaaS, strategy, tips, Zilla Security /

How organizations can navigate identity security risks in 2024 2024-02-29 at 07:34 By Mirko Zorz Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks

React to this headline:

Loading spinner

How organizations can navigate identity security risks in 2024 Read More »

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

Microsoft begins broadening free cloud logging capabilities

CISA, cloud security, Don't miss, Government, Hot stuff, logging, Microsoft, News, USA /

Microsoft begins broadening free cloud logging capabilities 2024-02-22 at 14:47 By Helga Labus After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies who do

React to this headline:

Loading spinner

Microsoft begins broadening free cloud logging capabilities Read More »

Scroll to Top