infoq, 16 days ago to devops

#HashiCorp's Boundary 0.16 is here with an update that simplifies connecting to target infrastructure, has better search and filtering, and adds MinIO compatibility.

Get all the details on #InfoQ 👉 https://bit.ly/4aH2gDS

#DevOps #CloudSecurity

YourAnonRiots, 3 months ago to cryptocurrency Japanese

🚨 New #malware campaign targets misconfigured servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis to deliver #cryptocurrency miners and enable remote access.

https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html

#cybersecurity #hacking #cloudsecurity

jpmellojr, 3 months ago to Cybersecurity

Threat actors, frequently frustrated by improved enterprise security systems, increased their efforts to compromise credentials in 2023, according to CrowdStrike. #crowdstrike #cybersecurity #cloudsecurity #identitytheft #cybercrime #adversarytactics #cyberthreats
https://jpmellojr.blogspot.com/2024/02/identity-hacking-saw-sharp-rise-2023.html

YourAnonRiots, 3 months ago to Cybersecurity Japanese

Concerned about the expanded attack surface in the cloud?

Wazuh, an open-source #cybersecurity platform, provides real-time threat detection and incident response for your cloud environments.

https://thehackernews.com/2024/02/wazuh-in-cloud-era-navigating.html

#ThreatDetection #CloudSecurity

0x58, 4 months ago to AWS

📺 One to watch today - Interesting @frichetten #BlackHat talk titled "Evading Logging in the Cloud: Bypassing AWS CloudTrail" :cloudcomputing:​

#aws #cloud #security #cloudtrail #iam #api #infosec #cloudsecurity

https://youtu.be/YP2XNAbB_Nw?si=mLK1z_fh8MZkgsVG

YourAnonRiots, 4 months ago to azure Japanese

🛡️ Researchers uncover details of 3 vulnerabilities in #Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could have allowed attackers root access and system disruption.

https://thehackernews.com/2024/02/high-severity-flaws-found-in-azure.html

#cybersecurity #infosecurity #cloudsecurity

cigitalgem, 4 months ago to ML

Listen to Google's Cloud Security Podcast featuring BIML's work (and me!). #MLsec #ML #AI #cloud #cloudsecurity

https://berryvilleiml.com/2024/01/25/google-cloud-security-podcast-features-biml/

tedi, 4 months ago to random

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques: https://threats.wiz.io/

#cloudsecurity #threatintel

andreas, 4 months ago to random

⚠️ A major risk when using customer-managed KMS keys is that someone deletes the key, and thus, all data is encrypted with the key. How to mitigate the risk?

1️⃣ AWS does not allow to delete keys immediately but enforces a waiting period of 7 to 30 days.
2️⃣ Customers use key policies, IAM policies, or SCPs to restrict access to the kms:ScheduleKeyDeletion action.

But there is another risk of losing access to a key: modifying the key policy. (1/2)

#awscommunity #cloudsecurity #amazonwebservices

itnewsbot, 4 months ago to CloudComputing

How finops can make the cloud more secure - Cloud finops is the discipline of accounting for and optimizing cloud computing spendi... - https://www.infoworld.com/article/3712262/how-finops-can-make-the-cloud-more-secure.html#tk.rss_all #cloudmanagement #cloudcomputing #cloudsecurity

sethsec, 5 months ago to random

CloudFox v.1.13.0 is out with 2 new AWS commands and a bunch of updates.

• The new workloads command looks at EC2, Lambda, and ECS and highlights any workload that has an admin role attached, as well as any role that can privesc to admin!

• The new api-gws command contributed by Wyatt Dahlenburg finds all API gw endpoints and crafts custom curl commands for you with any API keys found in the endpoint metadata)

• The env-vars command has been upgraded to help you find secrets stored in environment variables. It highlights interesting variable names and creates a separate output file with just the interesting items.

• The role-trusts command has been upgraded to help you find overly permissive role trusts, particularly those that trust :root, without an ExternalID.

https://github.com/BishopFox/cloudfox

#cloudfox #cloudsecurity

itnewsbot, 5 months ago to CloudComputing

You should be worried about cloud squatting - Most security issues in the cloud can be traced back to someone doing something stupid... - https://www.infoworld.com/article/3711763/you-should-be-worried-about-cloud-squatting.html#tk.rss_all #cloudmanagement #cloudcomputing #cloudsecurity

itnewsbot, 5 months ago to azure

Confidential computing in Microsoft Azure gets a boost - One of the biggest challenges facing any enterprise using the public cloud is the fact... - https://www.infoworld.com/article/3711680/confidential-computing-in-microsoft-azure-gets-a-boost.html#tk.rss_all #microsoftazure #cloudcomputing #cloudsecurity #security #hardware

itnewsbot, 5 months ago to azure

Fortifying confidential computing in Microsoft Azure - One of the biggest challenges facing any enterprise using the public cloud is the fact... - https://www.infoworld.com/article/3711680/fortifying-confidential-computing-in-microsoft-azure.html#tk.rss_all #microsoftazure #cloudcomputing #cloudsecurity #security #hardware

itnewsbot, 6 months ago to CloudComputing

Cloud security and devops have work to do - If there is anything that keeps cloud development leaders up at night, it’s the fact t... - https://www.infoworld.com/article/3711362/cloud-security-and-devops-have-work-to-do.html#tk.rss_all #cloudcomputing #cloudsecurity #devsecops #devops

YourAnonRiots, 6 months ago to Cybersecurity Japanese

Kubernetes isn't just a tool; it's a target now!

Join this wxpert-led #cybersecurity WEBINAR on fighting cloud security threats – essential knowledge for every IT security pro.

🔗 Click here to register: https://thn.news/2L7nEtoM

#informationsecurity #cloudsecurity

itnewsbot, 6 months ago to CloudComputing

Open source is still the future of enterprise IT - Cloud computing has become synonymous with enterprise IT, but let’s not get ahead of o... - https://www.infoworld.com/article/3709930/open-source-is-still-the-future-of-enterprise-it.html#tk.rss_all #cloudcomputing #cloudsecurity #cloud-native #opensource #linux

itnewsbot, 7 months ago to CloudComputing

Oracle open-sources Jipher for FIPS-compliant SSL - Oracle is open-sourcing Jipher, a Java Cryptography Architecture (JCA) provider built ... - https://www.infoworld.com/article/3710172/oracle-open-sources-jipher-for-fips-compliant-ssl.html#tk.rss_all #softwaredevelopment #cloudcomputing #cloudsecurity #networking #security #java

itnewsbot, 7 months ago to opensource

KubeCon points to the future of enterprise IT - Cloud has become synonymous with enterprise IT, but let’s not get ahead of ourselves. ... - https://www.infoworld.com/article/3709930/kubecon-points-to-the-future-of-enterprise-it.html#tk.rss_all #cloudsecurity #cloud-native #opensource #linux

BishopFox, 7 months ago to AWS

Are you interested in the world of #cloudhacking and #cloudsecurity? Then you don’t want to miss this recap of a recent Cloud Security Podcast episode featuring Bishop Fox’s @sethsec where he touches upon #AWS #pentesting, why cloud configuration reviews just don’t cut it sometimes, and more.

https://bfx.social/3tUvCyS

itnewsbot, 7 months ago to CloudComputing

3 things for your 2024 cloud to-do list - It’s budget time for many enterprises, and the question that I get most this time of y... - https://www.infoworld.com/article/3709516/3-things-for-your-2024-cloud-to-do-list.html#tk.rss_all #cloudcomputing #cloudsecurity #multicloud #itstrategy

danyork, 7 months ago to random

There is something greatly amusing about having a session about “Cloud Architectures” … in a room *** with clouds on the ceiling!! *** 😃

#ISC2Congress #CloudSecurity

itnewsbot, 7 months ago to security

How to have encryption, computation, and compliance all at once - For years, data teams worked with simple data pipelines. These generally consisted of ... - https://www.infoworld.com/article/3708292/how-to-have-encryption-computation-and-compliance-all-at-once.html#tk.rss_all #datagovernance #cloudsecurity #analytics #security

BishopFox, 7 months ago to random

(Cloud)Fox spotted in the wild at Wild West Hackin'​ Fest! Thanks for the shoutout, Beau Bullock.

We recently celebrated the 1-year anniversary of CloudFox; check out some of the milestone updates since original publication in this recap. https://bfx.social/48VUKVR

#cloudhacking #cloudsecurity #WWHF

BishopFox, 7 months ago to random

According to our #offensivesecurity study with #PonemonInstitute, #RedTeaming is the 2nd most effective offensive security testing strategy, right behind #cloudsecurity testing. This trend is set to continue, and smart companies are taking notice.

Check out other #RedTeam findings here! https://bfx.social/48EHQLK