Links
This article discusses how agentic AI enhances cloud security by automating threat detection, vulnerability assessment, and security operations. It emphasizes the technology's ability to reason, prioritize risks, and take autonomous actions, ultimately freeing human analysts to focus on complex tasks.
This article examines how attackers can exploit log data in cloud environments for enumeration and intelligence gathering. It discusses the types of logs generated by major cloud providers like AWS, Azure, and GCP, and highlights the importance of rethinking log access to enhance security. Practical mitigation strategies for defenders are also presented.
Material helps organizations protect sensitive data without disrupting collaboration. It automates the discovery and classification of files in Google Drive, monitors sharing behaviors, and enforces data governance policies. The platform also detects potential threats and provides a scorecard to evaluate security posture.
EvilMist is a set of scripts for auditing cloud security, focusing on Azure Entra ID. It helps identify misconfigurations, assess user access, and simulate attack techniques, all without needing authentication tokens. The toolkit includes features for user enumeration, risk assessment, and export options for analysis.
Upwind offers a cloud security platform that enhances visibility and threat detection for cloud deployments and applications. It focuses on real-time monitoring and inside-out security, allowing organizations to prioritize vulnerabilities and streamline compliance efficiently.
The WIN Partner Index provides data on how organizations use cloud security integrations, highlighting which tools are most effective in real-world applications. It shows trends in adoption and impact across various workflows, emphasizing the importance of collaborative, embedded security in modern cloud environments.
Vectra AI offers a platform that enhances network detection and response by integrating observability across networks, identities, and cloud environments. It uses advanced AI to monitor behavior, detect threats in real-time, and streamline incident response. This approach aims to stop attacks before they escalate into breaches.
SubImage helps organizations manage their cloud and on-premises security by mapping infrastructure, identifying vulnerabilities, and addressing misconfigurations. It uses AI to provide actionable insights and integrates easily with existing tools without requiring maintenance.
This article outlines key trends and insights in cloud security for 2025. It covers various security aspects, including code security, compliance, and monitoring across multiple cloud platforms. The focus is on how organizations can enhance their security posture amid evolving threats.
VoidLink is a Linux command-and-control implant that targets multiple cloud environments for credential theft and data exfiltration. It shows signs of being generated by an AI coding agent, with unusual documentation and logging patterns. This raises concerns about the accessibility and sophistication of malware development.
This article dives into Attack Surface Management (ASM), explaining how organizations often overlook numerous potential entry points that attackers could exploit. It emphasizes the importance of continuous monitoring and discovery of assets, including forgotten domains, cloud infrastructures, and third-party services. The author shares personal experiences from the bug bounty scene to highlight common vulnerabilities and the need for better ASM practices.
This article promotes a livestream featuring security experts from Datadog, Bishop Fox, and SecurityHQ. They will discuss critical findings from a recent report, including risks from long-lived credentials, common cloud misconfigurations, and best practices in cloud security. A live Q&A session will also be included.
This article details a cloud attack where a threat actor gained administrative access to an AWS environment in under 10 minutes, utilizing stolen credentials from public S3 buckets. The attacker leveraged large language models to automate tasks such as reconnaissance and malicious code generation, ultimately compromising multiple AWS principals.
A recent AWS report identifies major security issues in cloud systems, with human errors and operational misconfigurations leading to data breaches. Despite widespread cloud adoption, concerns about cybersecurity and integration challenges persist among businesses. The report underscores the need for organizations to address these vulnerabilities as they transition to cloud-based solutions.
This article outlines essential resources and methodologies for detection engineers, emphasizing the need for a proactive approach to cybersecurity through detection-as-code. It covers key roles, frameworks, and specializations within detection engineering.
Material Security offers a platform to protect Google Workspace and Microsoft 365 from threats like phishing and account takeovers. It provides visibility into sensitive data and automates threat remediation, simplifying security operations for teams.
This article highlights the features and benefits of the Vectra AI Platform, which can detect threats more quickly and accurately. It includes testimonials from various security professionals who discuss improved detection rates and reduced response times after implementing Vectra AI.
This article discusses findings from the 2025 State of Cloud Security study, highlighting issues like the risks of long-lived credentials and the importance of using AWS Organizations for better security management. It also offers recommendations for improving security postures in cloud environments.
This article outlines Sumo Logic's cloud security features for AWS, emphasizing real-time monitoring and AI-driven incident response. It invites readers to sign up for a demo and offers insights into improving security operations.
A 4TB SQL backup file from EY was found publicly accessible due to a cloud misconfiguration, exposing sensitive information like API keys and passwords. The breach highlights the risks of modern cloud tools that prioritize convenience over security. EY responded effectively to the incident after being notified.
This article discusses how Tenable Cloud Security provides visibility and protection across the entire cloud development lifecycle. It emphasizes early detection of misconfigurations and risks through continuous monitoring and automated policies, helping teams secure their cloud infrastructure efficiently.
A hacker group called Zestix has exploited vulnerabilities in around 50 companies by stealing credentials through infostealers. The breaches occurred primarily because these organizations failed to implement multifactor authentication (MFA), allowing attackers to access sensitive data easily.
The author shares their experience of having their AWS account hacked, detailing how the attacker gained access, the immediate steps taken to regain control, and the lessons learned about cloud security. They emphasize the importance of proper security measures and the mindset needed to prevent such incidents.
This article details the GatewayToHeaven vulnerability in Google Cloud's Apigee, allowing attackers to access cross-tenant logs and data. It explains how to exploit Apigee's architecture to escalate privileges and potentially impersonate users by retrieving sensitive data.
This article outlines Tenable's cloud security platform, which offers tools for managing risks across multi-cloud and hybrid environments. It covers features like cloud workload protection, identity management, and data security, aimed at helping organizations identify and mitigate vulnerabilities effectively.
Nullify uses AI to automate product security tasks, replacing multiple tools and minimizing the need for human intervention. It identifies vulnerabilities, triages issues, and facilitates fixes through integrations with platforms like Jira and GitHub. The system learns from its environment, continuously improving its effectiveness.
This article discusses the importance of preventing misconfigurations in cloud environments through proactive measures. It outlines methods for visualizing current security postures, enforcing organizational policies, and continuously monitoring for misconfigurations to reduce risks and improve compliance.
This article discusses Material’s platform for enhancing account security against account takeover (ATO) attacks. It highlights features like automated monitoring, threat detection, and proactive management of security configurations across cloud services like Google Workspace and Microsoft 365.
The article argues that current cloud security practices often compromise between speed and safety, leading to vulnerabilities. It advocates for a new approach using agentic AI, open innovation, and real-time insights to create a more effective security posture.
The Apono Privileged Access Platform focuses on eliminating standing permissions to enhance security for users and systems. It uses a Just-in-Time access model to minimize risks like insider threats and data breaches while ensuring compliance with necessary regulations.
Prowler is an open-source platform for automating security and compliance checks across various cloud environments. It offers a wide range of built-in controls for standards like CIS and PCI-DSS, along with a user-friendly interface for monitoring and managing security assessments. Prowler can be deployed in multiple environments, including workstations and cloud services.
Figma has achieved C5 accreditation, a standard for cloud security compliance in Germany, Austria, and Switzerland. This recognition confirms Figma's commitment to high security standards, making it easier for organizations in regulated sectors to trust and use its services.
A new attack named VMScape allows malicious virtual machines to leak cryptographic keys from unmodified QEMU hypervisors on modern AMD and Intel CPUs, breaking the isolation between VMs and the cloud hypervisor. The researchers from ETH Zurich demonstrated that this attack could target cloud providers without needing to compromise the host, posing a significant risk to multi-tenant cloud security, although it requires advanced technical skills to execute. AMD and Intel have been notified, and mitigations have been released to address the vulnerability.
Mondoo's Agentic Vulnerability Management™ autonomously identifies, prioritizes, and remediates vulnerabilities across various IT infrastructures, significantly reducing vulnerabilities and speeding up remediation processes. By leveraging AI for continuous monitoring, Mondoo enhances security posture and compliance while allowing security teams to focus on strategic initiatives. The platform offers flexible deployment options and features a proactive approach to vulnerability management through its unique Mondoo flow.
The eBook offers strategies for hardening Windows Servers, emphasizing the importance of tailored configurations and the implementation of the Zero Trust model to combat internal and external security threats. It provides actionable steps for businesses to enhance their server security in an evolving technological landscape.
A data leak from the Fitify fitness app exposed 138,000 user progress photos and other sensitive files due to misconfigured Google cloud storage. The incident underscores significant security flaws in the app's data protection measures, revealing that users' private images could be accessed without authentication. Fitify has since closed the exposed storage but faces scrutiny over its handling of user data.
AI agents are being developed to emulate the reasoning patterns of cloud security experts, enabling them to identify and exploit privilege escalation vulnerabilities in AWS environments. These agents can not only detect complex attack vectors, which traditional tools often miss, but also automate the execution of these attacks, raising ethical concerns about sharing methodologies that could also benefit malicious actors. The future of cloud security may see a shift towards continuous autonomous threat emulation, challenging the current landscape of cyber defense.
Google has addressed a privilege escalation vulnerability in Cloud Composer 2, which could have allowed attackers with edit permissions to exploit the default Cloud Build service account. The fix, implemented in December 2024, ensures that environments use their service accounts for package installations, thereby enhancing security. No evidence of exploitation has been reported.
The article provides insights into effective AWS policies and where to locate them, focusing on best practices for managing permissions and access in cloud environments. It emphasizes the importance of tailored and secure policies to enhance operational efficiency and security compliance.
The article discusses the capabilities of a next-generation AI-powered Cloud-Native Application Protection Platform (CNAPP) designed to enhance security for cloud-native environments. It highlights the platform's advanced features, which include automated threat detection, compliance monitoring, and vulnerability management, aimed at protecting applications and data in dynamic cloud settings.
Sysdig has introduced an AI-powered vulnerability management solution that enhances remediation efforts by providing actionable insights and guidance. By integrating runtime context and automating recommendations, Sysdig enables security teams to quickly address high-risk vulnerabilities, significantly reducing the time to remediate and improving collaboration between security and development teams.
Intrusion Shield for AWS offers an automated cloud firewall that utilizes decades of threat intelligence to block risky network traffic without the need for manual rule management. It analyzes all network traffic in real-time, generates firewall rules, and provides prioritized recommendations for addressing security risks. Available on AWS Marketplace, it simplifies security for lean teams by minimizing alerts and streamlining threat management.
Microsoft warns that default configurations in Kubernetes Helm charts can expose sensitive data by lacking proper security measures, such as authentication and using weak passwords. Research highlights specific cases where these vulnerabilities could allow attackers to exploit misconfigured applications, stressing the need for organizations to review and secure their Helm chart deployments carefully.
Building a cloud security roadmap is essential for organizations to effectively manage and mitigate risks associated with cloud environments. The article outlines key components of such a roadmap, including risk assessment, compliance considerations, and the importance of continuous monitoring and improvement. It emphasizes the need for a strategic approach to ensure robust cloud security practices are in place.
Keeper Secrets Manager is a cloud-based solution designed for secure secrets management, specifically targeting Non-Human Identities (NHIs) like API keys and database credentials. It offers features such as role-based access controls, automated credential rotation, and seamless integration with popular DevOps tools to enhance security and compliance in IT environments. The platform promotes a zero-trust, zero-knowledge approach to protect sensitive information across various infrastructures.
Join the quarterly webinar series featuring FortiCNAPP product experts as they unveil the latest innovations in cloud security. Attendees will gain insights into new features, learn practical strategies for enhancing security posture, and have the opportunity to engage in live Q&A sessions to address specific concerns.
Protecting a hybrid workforce requires robust security measures as remote employees become vulnerable endpoints in the cybersecurity framework. IT security teams must ensure visibility and control over data across various environments, including data centers and cloud applications. Fortra offers solutions to minimize risks and enhance data security for dispersed teams.
Palo Alto Networks has introduced a new application security posture management (ASPM) capability within its Cortex Cloud platform, designed to enhance security in modern development workflows. This capability allows teams to prevent risks earlier in the software lifecycle by integrating findings from various AppSec tools and providing comprehensive context for better prioritization and automated remediation. By shifting from reactive to proactive security measures, organizations can effectively manage vulnerabilities and reduce the burden on development teams.
Maze has launched a new AI-driven solution for vulnerability management, raising $31 million to help organizations better control cloud security breaches. The AI agents are designed to identify and resolve critical vulnerabilities, reducing false positives and significantly shrinking vulnerability backlogs, allowing security teams to respond more effectively to threats.
Unit 42 researchers have identified a surge in ELF-based malware targeting cloud infrastructure, predicting that threat actors will increasingly use complex tools to exploit Linux environments. The study highlights five specific malware families, their evolving techniques, and the urgent need for enhanced detection and prevention mechanisms in cloud security.
The article discusses the future of runtime cloud security in 2025, highlighting emerging threats and innovations in security practices. It emphasizes the importance of proactive measures and advanced technologies to protect cloud environments from increasingly sophisticated attacks. The insights aim to prepare organizations for the evolving landscape of cloud security challenges.
Implementing guardrails in cloud infrastructure is essential to prevent security vulnerabilities, unexpected costs, and compliance issues. The article explains how Open Policy Agent (OPA) can be integrated with Terraform to enforce policies as code, ensuring consistent governance and security for cloud resources. It provides practical policy examples and steps for integrating OPA into Terraform workflows.
Companies outside US jurisdiction should reassess their threat models when utilizing US-based cloud providers, as the US government’s aggressive actions may compel these providers to act against their customers. The article discusses various attack vectors unique to the US government that could impact cloud service users, emphasizing the need for enhanced security measures to maintain confidentiality and data integrity.
A Cyber Security Analyst is responsible for monitoring and securing an organization's IT infrastructure by analyzing threats and implementing security measures to protect sensitive data. Essential skills include cybersecurity, vulnerability management, and incident management. The article also highlights recommended courses and other related IT roles in the cybersecurity field.
The article discusses a method for escalating privileges in a cloud-native environment by manipulating an administrator's PowerShell profile after gaining OneDrive permissions. The process involves uploading a backdoor script to the admin's OneDrive, which executes when they launch PowerShell, allowing attackers to harvest sensitive tokens and potentially gain further access to the system.
FortiCNAPP is a unified platform designed to enhance cloud security by automating risk management, threat detection, and compliance monitoring across multi-cloud environments. It simplifies and strengthens security operations, enabling teams to quickly identify and respond to threats while maximizing productivity with minimal effort. The solution integrates advanced machine learning to continuously monitor for unusual behaviors and vulnerabilities, improving overall security efficacy.
The article discusses the strategic partnership between Palo Alto Networks and CyberArk, highlighting how their collaboration is set to transform cybersecurity practices. By integrating their technologies, they aim to enhance threat detection and response capabilities, thereby reshaping the landscape of identity protection and cloud security.
Shield Cloud is a software-based firewall gateway for AWS environments that utilizes Intrusion Applied Threat Intelligence to dynamically generate firewall rules and block malicious traffic. It offers centralized policy management through the Intrusion Command Hub and supports stateful firewall functionality and Zero Trust architecture for enhanced VPC security. With automated updates and detailed reporting, Shield Cloud simplifies compliance and operational management for cloud resources.
AWS detection engineering practices were critically assessed after a breach simulation revealed undetected attacker persistence. The team rebuilt their detection capabilities by focusing on key log sources like CloudTrail, VPC Flow Logs, and GuardDuty, emphasizing the importance of correlation across these sources for effective threat detection.
A Cyber Security Analyst is responsible for monitoring and securing an organization's IT infrastructure by analyzing threats and implementing protective measures against cyber attacks. Key skills required for this role include cybersecurity, vulnerability management, and incident management. The article also highlights recommended courses and related job roles in the field of cybersecurity.
Fortra's Data Security Posture Management (DSPM) solution provides organizations with tools to discover, classify, and protect sensitive data across various environments, including cloud and on-premises. The platform enhances visibility into data ecosystems, prioritizes risks based on data sensitivity, and integrates data loss prevention measures to ensure comprehensive protection.
Effective vulnerability remediation involves identifying, prioritizing, and addressing security weaknesses in systems and applications, particularly within cloud environments. A strategic approach, including continuous monitoring and a combination of automated and manual methods, is essential in managing the overwhelming volume of vulnerabilities while mitigating risks and ensuring compliance.
Effective secrets management is crucial for organizations navigating their cloud journey, helping to mitigate risks associated with account compromise. This article outlines an 18-point checklist tailored to different stages of cloud adoption, focusing on best practices for managing secrets securely as environments grow more complex.
A guide to selecting cloud security tools for AWS focuses on protecting cloud applications from modern security threats. It discusses key areas such as endpoint and user security, traffic and application protection, and incident management, emphasizing the need for effective platforms to manage security across complex environments.
CloudRec is an open-source multi-cloud security posture management platform that enhances the security of cloud environments through comprehensive asset collection, real-time inspection, and risk event operations. It features a flexible rule configuration engine based on OPA, supports multiple cloud providers like AWS and GCP, and offers user-friendly management tools for asset and risk operations. The platform allows for easy expansion and customization to meet enterprise needs.
The article presents an in-depth report on cloud security risks, highlighting the increasing threats faced by businesses operating in cloud environments. It discusses the types of vulnerabilities and potential impacts on organizations, emphasizing the necessity for improved security measures and awareness to mitigate these risks.
The article explores the persistent nature of attackers in cloud environments, highlighting various tactics they employ to infiltrate and exploit systems. It emphasizes the importance of vigilance and proactive security measures to protect against ongoing threats in the cloud landscape. Strategies for detection and response are discussed to help organizations mitigate risks effectively.
The article discusses various products and solutions offered by Datadog, focusing on enhancing enterprise developer enablement through comprehensive security measures, monitoring tools, and industry-specific applications. It highlights capabilities in code security, cloud monitoring, and compliance across multiple sectors including finance, healthcare, and technology.
Business and technical leaders must engage their cloud teams with critical questions to enhance cloud security and compliance. By focusing on visibility, policy enforcement, and proactive risk management, organizations can integrate security into their development processes, ensuring safety and innovation in multi-cloud environments.
SentinelOne has introduced a new standard in unified cloud security by leveraging truly AI-driven technology. This advancement aims to enhance security measures across various platforms, providing a more integrated and efficient approach to threat detection and response.
The Trump administration has denied allegations from a whistleblower that officials at the Social Security Administration (SSA) copied sensitive data to an insecure cloud system. SSA Commissioner Frank Bisignano stated that the NUMIDENT database has not been compromised and that the agency's cloud infrastructure is secure and continuously monitored. He emphasized that the data has been stored in Amazon Web Services (AWS) without any transfers to a private cloud server.
Cloud Snitch is a powerful tool designed to enhance your understanding of AWS account activity, providing an intuitive interface for exploring and documenting AWS principals, IP addresses, and network activity. It helps users quickly identify errors and suspicious behavior, while also allowing for the generation and management of service control policies to enforce security compliance. Open-sourced under the MIT license, it can be deployed easily or used through cloudsnitch.io.
Preparing for cloud incidents requires a strategic approach to logging across major cloud providers. This article ranks essential logs for Microsoft, AWS, and Google Cloud, providing insights on their criticality for detecting and responding to security incidents, as well as real-life case studies illustrating their importance. Ensuring the right logs are enabled and retained is vital for effective incident response.
Fortra offers a tailored demo of its cloud security solutions to help organizations address data protection challenges. The demo will cover specific needs, Fortra's unique architecture, and analytics tools designed to enhance data security. Interested parties can fill out a form to schedule a consultation.
SonicWall has revealed that a breach of its cloud backup service impacted 100% of firewall configuration files for all affected customers, a significant increase from the previously estimated 5%. The company is working with Mandiant to enhance security measures and has advised customers on necessary remediation steps.
The offering includes a free 15-day trial of Palo Alto Networks' VM-Series Virtual Firewall, providing advanced security features to protect AWS workloads from various threats such as malware and phishing. It supports seamless integration with AWS environments and offers automated policy management, enhanced threat prevention, and easy deployment through the AWS platform.
The article on Datadog's website presents insights into the current state of cloud security, highlighting key trends, challenges, and best practices that organizations face in securing their cloud environments. It emphasizes the importance of adopting proactive security measures and the role of advanced monitoring tools in mitigating risks associated with cloud computing.