#cloud-security
#cloud-security

Veracode acquires Longbow Security| App Developer Magazine

Veracode acquires Longbow Security to enhance cloud-native security risk management. [ more ]

ComputerWeekly.com

How to optimise cloud security without budget blowout | Computer Weekly

Organizations struggle with managing cloud security tools efficiently.

Proper planning and alignment of security and operational needs are crucial for effective cloud security. [ more ]

InfoQ

Google Cloud Launches Security Command Center Enterprise

Security Command Center Enterprise integrates Mandiant expertise and Generative AI for proactive and simplified cloud security.

The solution bridges the gap between cloud security and enterprise security operations, enabling organizations to manage and prioritize cloud risk effectively. [ more ]

thenewstack.io

Attack (or Penetrate Test) Cloud Native the Easy Way

Weak cloud native infrastructure security defenses leave distributed networks vulnerable to attacks via simple tools or unpatched security holes, including easy access through dark web purchases. [ more ]

TechCrunch

4 weeks ago

Business intelligence

Google injects generative AI into its cloud security tools | TechCrunch

Google introduced cloud-based security products at Cloud Next conference for corporate networks.

Gemini AI models were central in the new security products and services introduced by Google. [ more ]

Forbes

Council Post: A New Approach To Cloud Security For 2024

Companies face new challenges and risks while reinventing themselves in the cloud.

Mitigating cyber risks is a top priority for the C-suite, with a focus on cloud security. [ more ]

DevOps.com

Information security

Survey Sees Limited DevSecOps Progress Being Made as Vulnerabilities Mount - DevOps.com

Over a third of code contains vulnerabilities, with an average of 55.5 security vulnerabilities each day per organization.

Organizations address only a fraction of vulnerabilities monthly due to limited resources and lengthy remediation phases. [ more ]

Harvard Business Review

Why Data Breaches Spiked in 2023

Data breaches continue to increase yearly, with a 20% rise from 2022 to 2023.

Primary reasons for increased data theft: cloud misconfiguration, new ransomware attacks, vendor system exploitation. [ more ]

Forbes

3 months ago

Council Post: Don't Break The Bank: Stopping Ransomware From Getting The Best Of Your Business

Ransomware attacks continue to be a serious threat to organizations despite high cyber spending.

The landscape of cyber threats has fundamentally changed with the cloud, mobility, and hybrid work, requiring a change in security measures. [ more ]

morecybersecurity

cloud security

Amazic

8 security challenges with containerized applications running in the cloud - Amazic

Containerization is a fundamental technology for deploying and managing applications in the cloud.

There are specific security challenges associated with containerized applications running in the cloud. [ more ]

Azure DevOps Blog

Azure DevOps' First Consensus Assessment Initiative Questionnaire (CAIQ) Now Available - Azure DevOps Blog

Microsoft has published a Consensus Assessment Initiative Questionnaire (CAIQ) specific to Azure DevOps.

The CAIQ is a comprehensive checklist that covers a wide range of security topics relevant to cloud computing.

The CAIQ for Azure DevOps is published on Microsoft's Service Trust Portal and addresses various areas such as data governance, data center security, identity and access management, and incident response. [ more ]

Dark Reading

Combining Agentless and Agent-Based Cloud Security in CNAPPs

Cloud security has evolved to address the challenges of complex multicloud environments.

Contextualized security, with visibility into attack paths and automated alerts, is key for effective cloud security.

A unified cloud-native application protection platform (CNAPP) using both agentless and agent-based protections is recommended. [ more ]

Dark Reading

Stream Security Expands into CloudSecOps Market With Launch of Real-Time Cloud Security Solution

Stream Security expands into cloud security with their real-time Cloud Twin technology.

The Cloud Twin allows organizations to understand the impact of every operation in their cloud in real-time. [ more ]

Dark Reading

Illumio Delivers the Most Complete Zero-Trust Segmentation Platform With the Addition of CloudSecure

Illumio has expanded its Zero Trust Segmentation Platform with Illumio CloudSecure to provide comprehensive segmentation for hybrid and multi-cloud environments.

Illumio CloudSecure helps organizations address the challenges of public cloud security by providing visibility and control of connections between dynamic applications and workloads.

Illumio CloudSecure enables organizations to contain attacks efficiently and cost effectively on applications and workloads in public cloud environments. [ more ]

morecloud security

DevOps.com

1 day ago

The Role of DevOps in Orchestrating Enterprise-Wide Cloud Security - DevOps.com

Moving to the cloud poses security challenges - data breaches, misconfigurations, compliance, and unauthorized access. Robust security measures and employee training are crucial for data protection. [ more ]

InfoQ

2 weeks ago

New Cloud Governance Guidance in the Microsoft Cloud Adoption Framework for Azure

Microsoft updated its Cloud Adoption Framework (CAF) Govern section for Azure to enhance cloud governance guidance and provide support for organizations in their cloud journey. [ more ]

siliconvalleyjournals.com

4 weeks ago

Wiz Strengthens Cloud Security Platform with Acquisition of Gem Security

Wiz acquires Gem Security, enhancing cloud security capabilities.

Gem Security specializes in real-time cloud detection and response solutions. [ more ]

Amazic

Anjuna simplifies confidential computing to secure cloud workloads - Amazic

Hardware security is no longer sufficient for securing workloads on servers.

Anjuna empowers organizations to take charge of their cloud security by offering confidential computing. [ more ]

Amazic

Recap KubeCon + CloudNativeCon Europe 2024 with Sysdig - Amazic

Importance of Falco's graduation

Runtime insights for cloud security

Future of Falco post-graduation [ more ]

Iapp

3 months ago

French government votes against its cloud security strategy

Members of French government's Renaissance party vote against cloud security strategy

Proposed amendments would have required consulting companies to comply with cloud service provider requirements [ more ]

channelpro

1 day ago

Artificial intelligence

CrowdStrike and AWS expand deal to drive cloud security and AI

CrowdStrike and AWS expand partnership to boost cloud security and AI capabilities. [ more ]

TechCrunch

4 weeks ago

Artificial intelligence

Google Cloud Next 2024: Everything announced so far | TechCrunch

Google's Cloud Next 2024 event features new cloud updates focusing on AI, devops, and security tools.

Gemini introduces AI-powered tools for simplifying database management for Google Cloud customers.

Google emphasizes partnerships and AI integration in their security tools with new Threat Intelligence, Chronicle, and Security Command Center products. [ more ]

TechCrunch

2 days ago

European startups

Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions | TechCrunch

Wiz, a cloud security platform, raised $1 billion in Series E funding to fuel acquisitions and rapid expansion towards an IPO. [ more ]

Above the Law

2 days ago

Information security

Cloud Security Advice For Law Firms

Law firms are adopting a cloud-first mentality, but often overlook the importance of securing their cloud environment, leaving room for vulnerabilities. [ more ]

DevOps.com

Information security

DevSecOps: 5 Tips for Developing Better, Safer Apps - DevOps.com

Cloud attacks are increasing with a 95% surge in 2022, emphasizing the critical importance of security in the cloud.

DevOps teams play a crucial role in addressing security concerns through early detection and prevention measures. [ more ]

Amazic

6 top cloud IAM providers from startups to the big cloud vendors - Amazic

IAM merges policies and technologies for user identification and access control.

Implementing IAM principles like least privilege enhances security and efficiency in managing access permissions. [ more ]

WIRED

How Apple's Advanced Data Protection Works, and How to Enable It on Your iPhone

Enabling Apple's Advanced Data Protection (ADP) enhances security for iCloud backups, iCloud Drive, Photos, Notes, and Reminders.

End-to-end encryption provided by ADP ensures data safety even in cases of rogue employees or data breaches, but it also limits Apple's ability to access or help recover encrypted files. [ more ]

TechRepublic

UK's NCSC Issues Warning as SVR Hackers Target Cloud Services

Russian state hackers are targeting organizations moving to the cloud, focusing on weaknesses in cloud services for initial access.

APT29, linked to Russia's Foreign Intelligence Service, is expanding its cyberattacks to various sectors and adapting techniques for cloud-based environments. [ more ]

Theregister

Russia's Cozy Bear spotted diving into cloud environments

Cozy Bear, responsible for the SolarWinds attack, has expanded to target cloud environments and diversified victim categories.

Five Eyes governments issue a joint advisory warning of Cozy Bear expanding targets and methods, including targeting organizations via cloud services. [ more ]

TechRepublic

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Identity-based attacks remain prevalent

Cloud environment intrusions up by 75% from 2022 to 2023

Third-party relationships exploited for easier attacks [ more ]

Nextgov.com

New cloud security task force presses for stakeholder accountability

Cybersecurity professionals convene at MITRE to address cloud security

Formation of Cloud Safe Task Force to guide on securing cloud systems [ more ]

SiliconANGLE

Menlo Security's new cloud-delivered enterprise browser solution offers enhanced security - SiliconANGLE

Menlo Security Inc. announced new cloud-delivered enterprise browser solution for safe hybrid work with zero-trust access.

The solution offers end-to-end visibility, dynamic policy enforcement, and protection against advanced threats, managing local browser security policies and enabling access to applications. [ more ]

Cloud Pro

Business intelligence

Hundreds of enterprises are being targeted in a Microsoft Azure cloud account takeover campaign - here's what you need to know

Executives and directors are popular targets in a cloud account takeover campaign.

The campaign is specifically targeting Microsoft Azure environments. [ more ]

DevOps.com

The Code Caveat: When Developer Credentials Become the Hacker's Pickaxe - DevOps.com

Developers are often the weakest link in cloud security.

Common ways developers can compromise cloud security include exposing credentials, falling victim to phishing campaigns, and using weak passwords. [ more ]

TechRepublic

3 months ago

Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

The Androxgh0st malware is a botnet that collects cloud credentials and abuses the Simple Mail Transfer Protocol.

The malware targets websites using the Laravel web application framework to steal credentials and other sensitive data. [ more ]

Amazic

4 months ago

Cloud Security 101 - Amazic

Cloud security is essential for organizations adopting cloud computing.

85% of companies will have a cloud-first approach by 2025. [ more ]

Theregister

4 months ago