#cloud-security

#cloud-security

For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security researchers describe as an "operational nightmare" of manual lifecycle management, rotation schedules, and constant credential leakage risks. This challenge has traditionally driven organizations toward centralized secret management solutions like HashiCorp Vault or CyberArk, which provide universal brokers for secrets across platforms.

The cloud has become the backbone of modern business, enabling rapid scalability, advanced analytics, and collaboration across global teams. In the age of artificial intelligence (AI), the cloud's role is even more critical, both serving as the storage and processing hub for vast quantities of data that feed machine learning models, power real-time analytics, and drive business innovation. With this innovation comes a high-risk balancing act.

Cloud migration and flexible working policies have contributed to the sprawl, but part of the reason it's so unmanageable is that companies still rely on the same old discovery tools built for a static network. Whenever we scan a new environment, we always uncover a large number of devices that were completely off the radar and out of scope of the protection of their IT and security policies.

Today, enterprises need a robust digital infrastructure for everything from customer engagement to operational continuity, and multi-cloud technology has become a fundamental enabler of enterprise success. However, with these increased complexities, organisations face increasing challenges in managing security risks, maintaining operational uptime, and above all, to maximise value from their cloud investments. Emerging technologies and innovative approaches are reshaping the way enterprises navigate these challenges, and at the same time service level agreements (SLAs) too are evolving to align with these developments.

Cloud computing forms the backbone of our increasingly digital world, enabling businesses to operate more efficiently, grow faster, and innovate with flexibility. Despite its advantages, the cloud is not immune to data breaches caused by weak security practices. Alarmingly, some of the biggest risks do not stem from technical errors or malicious hackers but from the very people responsible for protecting cloud resources: security professionals themselves.

Darktrace introduces the industry's first fully automated cloud forensics solution. Forensic Acquisition & Investigation aims to reduce investigation times from days to minutes by collecting evidence immediately when threats are detected. A survey of 300 cloud security decision-makers shows that nearly 90 percent of organizations suffer damage before they can contain cloud incidents. Additionally, investigations in cloud environments take three to five days longer than those in on-premises environments.

A new report from Senate Democrats claims members of Elon Musk's DOGE team have access to the Social Security Numbers of all Americans in a cloud server lacking verified security measures, despite an internal assessment of potential "catastrophic" risk. The report, released by Sen. Gary Peters (D-MI), cites numerous disclosures from whistleblowers, including one who said a worst-case scenario could involve having to re-issue SSNs to everyone in the country.

ZDNET's key takeaways The FBI warned about the alarming trend of compromised accounts. The success rate of threat actors could tarnish Salesforce's reputation. The most recent wave of attacks was likely preventable.

I have done FedRAMP in my past life,

Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs running on public cloud services. The research shows that L1TF (L1 Terminal Fault), also known as Foreshadow, a bug in Intel processors reported in January 2018, and half-Spectre, gadgets believed unexploitable on new-generation CPUs, as they cannot directly leak secret data, can be used together to leak data from the public cloud.

Microsoft built security controls around identity like conditional access and logs, but this internal impression token mechanism bypasses them all,

ChatGPT's research assistant sprung a leak - since patched - that let attackers steal Gmail secrets with just a single carefully crafted email. Deep Research, a tool unveiled by OpenAI in February, enables users to ask ChatGPT to browse the internet or their personal email inbox and generate a detailed report on its findings. The tool can be integrated with apps like Gmail and GitHub, allowing people to do deep dives into their own documents and messages without ever leaving the chat window.

Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges-essentially god mode-and compromise every Entra ID directory, or what is known as a "tenant."

SecurityWeek's Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM - 4PM ET. Join the online event where cybersecurity leaders and practitioners will dive into the strategies, tools, and innovations shaping the future of ASM. As digital assets and cloud services continue to expand, defenders are shifting tactics to continuously discover, inventory, classify, prioritize, and monitor their attack surfaces.

Two researchers reported finding serious vulnerabilities, including ones that expose employee information and drive-through orders, in systems run by Restaurant Brands International (RBI), which owns the Tim Hortons, Burger King and Popeyes brands. The vulnerabilities were reported to the vendor and quickly fixed. In addition, RBI said the system targeted by the researchers is still in early development. However, the company still sent a DMCA complaint to the researchers to force them to remove the blog post detailing their findings.

Cloud storage is used by most businesses, with 78% of respondents to a 2024 PwC survey indicating they've adopted cloud across most of their organizations. But many firms are unknowingly opening themselves up to security and data protection risks: sensitive data is being held in 9% of publicly-accessible cloud storage, and 97% of this information is classified as restricted or confidential, according to Tenable's 2025 Cloud Security Risk Report.

SLAs typically cover metrics like uptime, support response times and service performance, but often overlook critical elements such as data protection, breach response and regulatory compliance. This creates a responsibility gap, where assumptions about who is accountable can lead to serious blind spots. For instance, a customer might assume that the cloud provider's SLA guarantees data protection, only to realise that their own misconfigurations or weak identity management practices have led to a data breach.

The complaint from Charles Borges, the chief data officer at the SSA, alleges that Doge staffers effectively created a live copy of the entire country's social security data from its numerical identification system database. The information is a goldmine for bad actors, the complaint alleges, and was placed on a server without independent oversight that only Doge officials could access.

Is Wiz giving you solid visibility but falling short on real-time remediation, host-level telemetry, or network traffic analysis? Safe to say, you're not the only one noticing the gaps. As cloud environments become increasingly complex, security teams require tools that identify risks and help mitigate them. This blog post breaks down some of the best Wiz competitors that fill in those missing pieces. Stick around till the end to see how ClickUp (yes, the productivity platform!) supports efficient cloud security collaboration. 🔐

The 'castle and moat' idea has gone from outdated to outright dangerous as applications and users have scattered across public clouds, SaaS platforms, and more.

Immutable backups prevent ransomware and ensure data integrity, meeting compliance needs with secure, tamper-proof cloud data protection. They safeguard critical data effectively.

One corrupt table or misconfigured bucket can stall an entire supply chain run. Fortunately, a clear-headed backup strategy turns that existential threat into a five-minute inconvenience.

As we prepare for the second half of 2025, investors should focus on stocks in the AI and cloud security sectors, which offer strong growth potential.

According to Erik de Jong, the Wiz acquisition could be detrimental to customers; consolidation in the market rarely leads to lower prices.

NordPass has introduced 'Documents', a cloud-based encrypted vault for secure storage of vital documents, enhancing user convenience and security.

The new approach, which will be available with the launch of Red Hat Enterprise Linux 10, offers users preconfigured, ready-to-use images designed to handle the unique characteristics of different hyperscalers.