Cloud Security - Securezoo

Denonia malware targets AWS Lambda

Cloud Security, Cybersecurity Attacks, Malware / By Frank Crast / April 8, 2022 April 8, 2022

A first of its kind malware dubbed Denonia has been targeting Amazon Web Services (AWS) Lambda, an event-driven, serverless computing platform.

cyber security, internet, hacking-3400555.jpg

DevSecOps best practices to secure cloud-native and microservices-based applications

Application Security, Cloud Security, Configuration Management, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / March 12, 2022 March 13, 2022

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.

NIST SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh

Application Security, Cloud Security, Configuration Management, Standards & Guidelines / By Frank Crast / March 8, 2022 March 26, 2022

he National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.”

CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats

Cloud Security, Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / By Frank Crast / January 20, 2022 January 20, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.

Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions

Cloud Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 18, 2021 September 18, 2021

Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.

Pro-Ocean cryptojacking malware targets cloud applications

Cloud Security, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / February 1, 2021 February 1, 2021

A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.

SQL Server malware “MrbMiner” attacks

Cloud Security, Cybersecurity Attacks, Malware, Network Security / By Frank Crast / January 25, 2021 February 1, 2021

Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.

FireEye publishes Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers

Cloud Security, Cybersecurity Attacks, Security Monitoring / By Frank Crast / January 21, 2021 January 21, 2021

Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / December 19, 2020 December 19, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Malware / By Frank Crast / October 2, 2020 October 2, 2020

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.