The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Cloud security

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements
June 24, 2021The Hacker News
Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond faster to change and the scale to accommodate rapid growth. Remote work boosted productivity by letting employees access cloud data from anywhere on any device. This is not business as usual. The data center and the perimeter security are no longer the center of the universe. Now remote workers, personal mobile devices, applications, and data are in the middle. Although employees, applications, and data have left the building, IT security teams still shoulder the responsibility for protecting confidential data and ensuring compliance with strict privacy regulations. The risk of not doing so

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security
June 14, 2021The Hacker News
In response to malicious actors targeting US federal IT systems and their supply chain, the President released the " Executive Order on Improving the Nation's Cybersecurity  (Executive Order)." Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream. Private companies and enterprises will look to the Executive Order to build their best practices. At a high level, the Executive Order includes information-sharing requirements, a push toward cloud and Zero Trust architectures, and enhancing transparency throughout the software supply chain. Understanding the fundamentals of the White House Executive Order on Improving the Nation's Cybersecurity The bulk of the Executive Order focuses on administrative tasks associated with it, including redefining contract language, setting timelines, and defining agency roles and responsibilities. For enterprises that don't supply technolog

Cato MDR: Managed Threat Detection and Response Made Easy

Cato MDR: Managed Threat Detection and Response Made Easy
July 06, 2020The Hacker News
Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 (!) days. To keep the enterprise protected, IT needs to figure out a way to break this endless cycle without purchasing complex security and data analysis tools and hiring the right (skilled and expensive) security professionals to operate them. Enter MDR An advanced security service, Managed Detection and Response (MDR), provides ongoing threat detection and response, leveraging AI and machine learning to investigate, alert, and contain threats. MDR is becoming popular and gaining traction. In fact, Gartner forecasts that by 2024, 25% of organizations will be using MDR services, up from less than 5% today. And by 2024, 40% of midsize enterprises will use MDR as their only managed security s

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
May 01, 2020Ravie Lakshmanan
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues , rated with CVSS score 10. "The vulnerabilities, allocated CVE IDs CVE-2020-11651 and CVE-2020-11652 , are of two different classes," the cybersecurity firm said . "One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e., parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server." The researchers warned that the flaws could be exploited in the wild imm

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
January 30, 2020Mohit Kumar
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes. According to a report researchers shared with The Hacker News, the first security vulnerability ( CVE-2019-1234 ) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft. If exploited, the issue would have enabled a remote hacker to unauthorizedly access screenshots and sensitive information of any virtual machine running on Azure infrastructure—it doesn't matter if they're running on a shared, dedicated or isolated vir

How Cloud-Based Automation Can Keep Business Operations Secure

How Cloud-Based Automation Can Keep Business Operations Secure
September 16, 2019The Hacker News
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts , has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud] not against 'perfect' but against 'on-premises.'" Ed Amoroso, a former chief security officer at AT&T, told Fortune magazine this week. He wasn't the only voice defending cloud computing in the wake of a hack attack. In an article titled "Don't Doubt the Cloud," Fortune columnist Robert Hackett , wrote: "The cloud is undeniably convenient and, more importantly, better in terms of security than what the majority of companies can achieve alone." The problem, experts said, was not cloud computing but rather the tendency for

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server
September 20, 2017Wang Wei
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server. A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties. These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon. Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiarie

Hands-On Review: Converged Networking and Security with Cato Networks

Hands-On Review: Converged Networking and Security with Cato Networks
May 08, 2017Mohit Kumar
Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or urgently patch a vulnerability – you know what I am talking about. All of these issues have been with us basically forever. Recently, the list of complex tasks extended to getting cloud infrastructure connected to the rest of the network, and secure access for mobile users. There seems to be a change coming to this key part of IT, a silver lining if you will. We decided to take a look at one solution to this problem – the Cato Cloud from Cato Networks. Founded in 2015, Cato Networks provides a software-defined and cloud-based secure enterprise network that connects all locations, people and data to the Cato Cloud – a single, global, and secure network. Cato promises to simplify netwo

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks
May 14, 2015Swati Khandelwal
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But don't panic. Though the recent vulnerability has a more terrific name than HeartBleed , it is not going to cause as much danger as HeartBleed did. Dubbed VENOM , stands for Virtualized Environment Neglected Operations Manipulation , is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory. Yes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year's HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information. Now let's know more about Ven

U.S. based Cloud Hosting providers contribute 44% of Malware distribution

U.S. based Cloud Hosting providers contribute 44% of Malware distribution
January 20, 2014Anonymous
U.S. has the top Security Agencies like NSA, FBI to tackle cyber crime and terrorism with their high profile surveillance technologies, but even after that U.S is proudly hosting 44% of the entire cloud based malware distribution. With the enhancement in Internet technology, Cloud computing has shown the possibility of existence and now has become an essential gradient for any Internet Identity. Cloud services are designed in such a way that it is easy to maintain, use, configure and can be scaled depending upon the requirement of the service being provided using the CLOUD technology with cost effective manner. Due to the Easy and Cost effective alternative of traditional computing, Malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to Internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider. Hiding behind trusted domains and names is not something new. According to recently
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.