#cloud-security

#cloud-security

For the first time, we are seeing a foreign adversary use a commercial AI system to carry out nearly an entire cyber operation with minimal human involvement,

Alibaba Cloud is not inherently a security threat, but its ties to China and the legal environment create potential risks that Western companies must carefully evaluate. For low-risk applications (e.g., serving customers in Asia), it may be a viable option. For high-sensitivity operations, most security-conscious organizations opt for cloud providers based in allied countries with strong rule-of-law protections (e.g., AWS, Microsoft Azure, Google Cloud).

In the company's annual Cloud Readiness Report 70% of CEOs admit they built their current cloud environment "by accident, rather than by design" - this often entailed periodic upgrades aimed at addressing short-term needs, rather than focusing on longer term strategic improvements. Kyndryl said this shows that many lacked a "deliberate strategy" when pursuing cloud transformation projects, and the effects of this are starting to show with huge workload pressure placed on cloud environments, as well as growing security threats and evolving regulatory requirements.

There are plenty of choices for businesses when it comes to security. One could say there are too many of them in the public cloud domain for little overall gain. Google wants to ensure that customers can trust those choices by guaranteeing interoperability and integration. In said attempt, it has unveiled the newly launched Unified Security Recommended program. CrowdStrike, Fortinet, and Wiz are the first to join in.

Alphabet (GOOGL) (GOOG) and Wiz have moved closer to completing their $32 billion deal. The U.S. Department of Justice has finished its review, which means the agency will not block the acquisition. The step marks an important move toward closing, even though other regulators are still looking into the deal. The news comes just a few days after Alphabet delivered its first-ever $100 billion quarter.

For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security researchers describe as an "operational nightmare" of manual lifecycle management, rotation schedules, and constant credential leakage risks. This challenge has traditionally driven organizations toward centralized secret management solutions like HashiCorp Vault or CyberArk, which provide universal brokers for secrets across platforms.

Cloud migration and flexible working policies have contributed to the sprawl, but part of the reason it's so unmanageable is that companies still rely on the same old discovery tools built for a static network. Whenever we scan a new environment, we always uncover a large number of devices that were completely off the radar and out of scope of the protection of their IT and security policies.

Today, enterprises need a robust digital infrastructure for everything from customer engagement to operational continuity, and multi-cloud technology has become a fundamental enabler of enterprise success. However, with these increased complexities, organisations face increasing challenges in managing security risks, maintaining operational uptime, and above all, to maximise value from their cloud investments. Emerging technologies and innovative approaches are reshaping the way enterprises navigate these challenges, and at the same time service level agreements (SLAs) too are evolving to align with these developments.

Cloud computing forms the backbone of our increasingly digital world, enabling businesses to operate more efficiently, grow faster, and innovate with flexibility. Despite its advantages, the cloud is not immune to data breaches caused by weak security practices. Alarmingly, some of the biggest risks do not stem from technical errors or malicious hackers but from the very people responsible for protecting cloud resources: security professionals themselves.

Darktrace introduces the industry's first fully automated cloud forensics solution. Forensic Acquisition & Investigation aims to reduce investigation times from days to minutes by collecting evidence immediately when threats are detected. A survey of 300 cloud security decision-makers shows that nearly 90 percent of organizations suffer damage before they can contain cloud incidents. Additionally, investigations in cloud environments take three to five days longer than those in on-premises environments.

A new report from Senate Democrats claims members of Elon Musk's DOGE team have access to the Social Security Numbers of all Americans in a cloud server lacking verified security measures, despite an internal assessment of potential "catastrophic" risk. The report, released by Sen. Gary Peters (D-MI), cites numerous disclosures from whistleblowers, including one who said a worst-case scenario could involve having to re-issue SSNs to everyone in the country.

ZDNET's key takeaways The FBI warned about the alarming trend of compromised accounts. The success rate of threat actors could tarnish Salesforce's reputation. The most recent wave of attacks was likely preventable.

I have done FedRAMP in my past life,

Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs running on public cloud services. The research shows that L1TF (L1 Terminal Fault), also known as Foreshadow, a bug in Intel processors reported in January 2018, and half-Spectre, gadgets believed unexploitable on new-generation CPUs, as they cannot directly leak secret data, can be used together to leak data from the public cloud.

Microsoft built security controls around identity like conditional access and logs, but this internal impression token mechanism bypasses them all,

ChatGPT's research assistant sprung a leak - since patched - that let attackers steal Gmail secrets with just a single carefully crafted email. Deep Research, a tool unveiled by OpenAI in February, enables users to ask ChatGPT to browse the internet or their personal email inbox and generate a detailed report on its findings. The tool can be integrated with apps like Gmail and GitHub, allowing people to do deep dives into their own documents and messages without ever leaving the chat window.

Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges-essentially god mode-and compromise every Entra ID directory, or what is known as a "tenant."

SecurityWeek's Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM - 4PM ET. Join the online event where cybersecurity leaders and practitioners will dive into the strategies, tools, and innovations shaping the future of ASM. As digital assets and cloud services continue to expand, defenders are shifting tactics to continuously discover, inventory, classify, prioritize, and monitor their attack surfaces.

Two researchers reported finding serious vulnerabilities, including ones that expose employee information and drive-through orders, in systems run by Restaurant Brands International (RBI), which owns the Tim Hortons, Burger King and Popeyes brands. The vulnerabilities were reported to the vendor and quickly fixed. In addition, RBI said the system targeted by the researchers is still in early development. However, the company still sent a DMCA complaint to the researchers to force them to remove the blog post detailing their findings.

The complaint from Charles Borges, the chief data officer at the SSA, alleges that Doge staffers effectively created a live copy of the entire country's social security data from its numerical identification system database. The information is a goldmine for bad actors, the complaint alleges, and was placed on a server without independent oversight that only Doge officials could access.

Is Wiz giving you solid visibility but falling short on real-time remediation, host-level telemetry, or network traffic analysis? Safe to say, you're not the only one noticing the gaps. As cloud environments become increasingly complex, security teams require tools that identify risks and help mitigate them. This blog post breaks down some of the best Wiz competitors that fill in those missing pieces. Stick around till the end to see how ClickUp (yes, the productivity platform!) supports efficient cloud security collaboration. 🔐

Immutable backups prevent ransomware and ensure data integrity, meeting compliance needs with secure, tamper-proof cloud data protection. They safeguard critical data effectively.

In today's cloud-native world, real-time, context-aware defense is a baseline expectation, not a competitive edge.

One corrupt table or misconfigured bucket can stall an entire supply chain run. Fortunately, a clear-headed backup strategy turns that existential threat into a five-minute inconvenience.

Zscaler's architecture was designed from the outset with the priority of data privacy in mind, as Europe attaches importance to this issue.

As we prepare for the second half of 2025, investors should focus on stocks in the AI and cloud security sectors, which offer strong growth potential.

According to Erik de Jong, the Wiz acquisition could be detrimental to customers; consolidation in the market rarely leads to lower prices.

NordPass has introduced 'Documents', a cloud-based encrypted vault for secure storage of vital documents, enhancing user convenience and security.