Cloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The vulnera...
Jan 26, 2023•8 min•Season 2Ep. 2
Cloud Security News this week 14 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News According to recent study published by IEEE which I found interesting ( which is the Institute of Electrical and Electronics Engineers around since 1963 apparently), “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industrial I...
Jan 14, 2023•6 min•Season 2Ep. 1
Cloud Security News this week 14 July 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News
Jul 14, 2022•6 min•Season 3Ep. 17
Cloud Security News this week 11 May 2022 Brought to you this week by JupiterOne To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
May 11, 2022•7 min
Cloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Apr 13, 2022•5 min
Cloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News
Apr 07, 2022•5 min
Cloud Security News this week 30 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Mar 30, 2022•6 min
Cloud Security News this week 23 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Mar 23, 2022•6 min
Cloud Security News this week 16 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Mar 16, 2022•4 min•Season 2Ep. 12
Cloud Security News this week 9 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Mar 09, 2022•9 min•Season 2Ep. 10
Cloud Security News this week 2 March 2022 Brought you by Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Mar 02, 2022•5 min•Season 2Ep. 9
Cloud Security News this week 23 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) Instagram - Cloud Security News...
Feb 23, 2022•6 min•Season 3Ep. 8
Cloud Security News this week 16 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google’s Cybersecurity Action Team has released Threat Horizon’s report this month. The report can be accessed here Staying in theme with Google Cloud (which also happens to be our theme for this month at Cloud Security Podcast). This week they have reported a low severity vulnerability in the Linux kernel's funct...
Feb 17, 2022•5 min•Season 2Ep. 6
Cloud Security News this week 09 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud has released the Virtual Machine Threat Detection tool as part of their Security Command Center for Premium customer. According to Google’s blog this “is a first-to-market detection capability from a major cloud provider that provides agentless memory scanning to help detect threats like cryptomining ...
Feb 09, 2022•6 min
Cloud Security News this week 02 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud have reported that 3 security vulnerabilities have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.Google have shared that these vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu). Pods using GKE Sa...
Feb 02, 2022•5 min
Cloud Security News this week 26 Jan 2022 Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The merger of these two companies has now form Trellix, which aims to be a leader in extended detection and response (XDR). In their blog post Trellix shared that “Customers can expect Trellix’s living security platform to deliver bold innovation across the XDR market.” - “with automation, machine learning,...
Jan 26, 2022•4 min
Cloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services ...
Jan 19, 2022•7 min•Season 2Ep. 3
Cloud Security News this week 12 Jan 2022 UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a han...
Jan 12, 2022•4 min•Season 2Ep. 2
Cloud Security News this week 5 Jan 2022 Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle ’s innovative...
Jan 05, 2022•5 min•Season 2Ep. 1
Cloud Security News this week 22 December 2021 Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week’s episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far. To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues were ...
Dec 22, 2021•4 min
Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about. Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell’ and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10 . The zero-day had been exp...
Dec 15, 2021•3 min
Cloud Security News this week 8 December 2021 If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for consoles in ...
Dec 08, 2021•4 min
Cloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year , we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield , Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets, you c...
Dec 02, 2021•7 min
Cloud Security News this week 24 November 2021 CSA recently announced that they have now had 1500 Cloud services evaluated across to the STAR registry principles. According to CSA, by publishing to the registry organizations can show current and potential customers their security and compliance posture which may prevent the need for them to complete multiple security questionnaires. You can find more information about CSA and STAR registry here Security researcher Schütz was rewarded a $4,133 bo...
Nov 24, 2021•5 min
Cloud Security News this week 17 November 2021 According to a research by Trend Micro, Elastic Computing Service (ECS) instances for Alibab Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provides root access/ privileged control by default. There is a detailed article attached about this here J...
Nov 17, 2021•5 min
Cloud Security News this week 10 November 2021 Microsoft is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) - yes you heard that right! within a suite called Microsoft Defender for Cloud. This was previously know as Azure Security Center and Azure Defender At their annual conference Ignite 2021, their focus was enterprise cloud protection, specially multi cloud environments. Microsoft Defender for Cloud will now let ...
Nov 10, 2021•4 min
Cloud Security News this week 27 October 2021 In case you missed the quarterly earnings updates from last episode, I do encourage you to check it out to see how Google Cloud and Azure faired last Quarter. AWS came out still leading the pack $16.11 billion in the quarter, up almost 39% from a year ago. You can view the report here Industry Tech giants including Google, Salesforce, Okta and Slack have announced the creation of a “vendor-neutral” security baseline for businesses called ‘Minimum Via...
Nov 03, 2021•3 min
Cloud Security News this week 27 October 2021 UK’s spy agencies have given a contract to AWS to host classified material. Their intention is to boost use of data analytics and artificial intelligence for espionage. The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade. The Guardian has reported that “the contract with Amazon is likely to ignite concerns over sovereignty because the UK’s most secret data will be hosted by a single US tech company ” - Quite th...
Oct 27, 2021•6 min
Cloud Security News this week 22 October 2021 Hope you have been enjoying your Cloud Security News this week and in our special third instalment for this week we bring you our best bits from Hashiconf Global 2021, conference held by Hashicorp. Hashicorp is a software company who provide open source tools and products - some of their popular products Vagrant, Terraform, Vault and boundary - You can view the conference and the talks here The opening keynote was delivered by their Co-Founders Mitch...
Oct 22, 2021•3 min
Cloud Security News this week 21 October 2021 It's a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team’s favourite from Kubecon 2021 North America If you aren't quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today’s episode. TUF refers to The Update Framework, SPIFFE refers to Secure Producti...
Oct 21, 2021•3 min
