Cloud Security - Page 2 of 4

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Malware / By Frank Crast / October 2, 2020 October 2, 2020

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

NIST SP 800-210: General Access Control Guidance for Cloud Systems

Cloud Security, Identity & Access Management, Standards & Guidelines / By Frank Crast / July 31, 2020 September 11, 2021

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-210 General Access Control Guidance for Cloud Systems.

Doki malware targets exposed Docker servers in the cloud

Cloud Security, Configuration Management, Cybersecurity Attacks / By Frank Crast / July 29, 2020 July 29, 2020

Security researchers at Intezer Labs detected a new Linux malware dubbed “Doki” and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.

Microsoft releases Zero Trust guidance for Azure AD

Cloud Security, Cybersecurity Articles, Identity & Access Management / By Frank Crast / May 3, 2020 June 11, 2020

Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader “Zero Trust Security Strategy” to help organizations provide more secure access to corporate resources.

Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Cloud Security, Identity & Access Management / By Frank Crast / March 16, 2020 March 16, 2020

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.

NSA: Guidance to mitigate cloud vulnerabilities

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security / By Frank Crast / February 10, 2020 February 15, 2020

The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.

Zoom patches vulnerability that could allow eavesdropping

Cloud Security, Messaging Security, Password Management, Security Updates & Patches, Uncategorized, Vulnerabilities & Exploits / By Frank Crast / January 28, 2020 January 28, 2020

Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company’s online meetings.

Adobe Creative Cloud database exposed over 7 million user records

Cloud Security, Configuration Management, Data Breach, Password Management / By Frank Crast / October 29, 2019 October 29, 2019

Security researchers discovered an unsecured Adobe Creative Cloud Elasticsearch database that exposed nearly 7.5 million user records.

Top 3 AWS security configuration mistakes

Cloud Security, Cybersecurity Articles, Server Security, System Hardening / By Frank Crast / September 21, 2019 July 29, 2020

Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.

Office 365 third-party risks and configuration guidance

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / May 21, 2019 February 1, 2020

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.