Articles about Cloud security

Most Linux users assume their security tools will catch bad actors before damage is done -- but sadly, new research suggests that confidence may be misplaced. You see, ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Continue reading →

New research commissioned by Valence Security from the Cloud Security Alliance looks at the current state of SaaS security to uncover key challenges and explore how organizations are securing and managing their SaaS environments.

It finds SaaS security is a top priority for 86 percent of organizations, with 76 percent of respondents saying they are increasing their budgets this year.

Continue reading →

Cloud adoption is at the heart of digital transformation, providing organizations with the agility and flexibility they need to stay competitive in today's rapidly changing marketplace.

A new report from Fortinet looks at the latest trends, challenges, and strategies shaping cloud security, include safeguarding sensitive data, ensuring regulatory compliance, and maintaining visibility and control across increasingly complex hybrid and multi-cloud environments.

Continue reading →

While moving systems to the cloud delivers many benefits, it also leads to complex dynamic environments that can be a real challenge when it comes to keeping them secure.

With the launch of a new Large Language Model (LLM)-powered cloud detection engine, Sweet Security aims to cut through the noise and allow security teams to tackle these environments with greater precision and confidence.

Continue reading →

LastPass has joined the Amazon Web Services Partner Network (APN) and is now listed on AWS Marketplace. This addition aims to provide organizations with streamlined access to password management solutions that support security and ease of management amid increasing adoption of hybrid work models.

Organizations are facing heightened challenges in managing a growing number of SaaS applications and online accounts, particularly as remote and hybrid work arrangements become more common. LastPass's availability on AWS Marketplace is intended to address these challenges by offering secure, easily accessible password management options that maintain administrative control and user convenience.

Continue reading →

Covering one of the most important subjects to our society today, Deep Learning Approaches to Cloud Security delves into solutions taken from evolving deep learning approaches, solutions allowing computers to learn from experience and understand the world in terms of a hierarchy of concepts, with each concept defined through its relation to simpler concepts.

Deep learning is the fastest growing field in computer science. Deep learning algorithms and techniques are found to be useful in different areas like automatic machine translation, automatic handwriting generation, visual recognition, fraud detection, and detecting developmental delay in children. However, applying deep learning techniques or algorithms successfully in these areas needs a concerted effort, fostering integrative research between experts ranging from diverse disciplines from data science to visualization.

Continue reading →

Machine Learning Techniques and Analytics for Cloud Security covers new methods, surveys, case studies, and policy with almost all machine learning techniques and analytics for cloud security solutions.

The aim of this book is to integrate machine learning approaches to meet various analytical issues in cloud security. Cloud security with ML has long-standing challenges that require methodological and theoretical handling. The conventional cryptography approach is less applied in resource-constrained devices. To solve these issues, the machine learning approach may be effectively used in providing security to the vast growing cloud environment.

Continue reading →

As organizations have come to rely more on the cloud, it's become an increasingly attractive target for cybercriminals seeking to steal data or extract ransoms.

In the past this has involved the use of malware, but as attackers get more sophisticated there’s a move towards different types of attack. We spoke to Shai Morag, SVP and general manager cloud security at Tenable, to discover more about these threats and how to tackle them.

Continue reading →

Cloud investment is central to staying competitive in modern business. Gartner estimated that global end-user cloud investment reached nearly $600 billion this year and forecasts a 20 percent increase in spending in 2024. But as investment in and reliance on the cloud increases, so must investment in cloud security.

Expanding cloud usage means an expanding attack surface for threat actors to target. Research from Vanson Bourne, commissioned by Illumio, found that nearly half (47 percent) of all security breaches now start in the cloud.

Continue reading →

Recent cyber attacks have seen not just the usual monetary motives but also the rise of espionage attempts with attacks on government officials.

So how can organizations, both public and private sector, protect their most valuable assets? We spoke to Glenn Luft, VP of engineering at Archive360, to find out.

Continue reading →

October, as you might have noticed, is Cybersecurity Awareness Month. Now in its 20th year, this aims to bring the public and private sectors to work together to raise awareness about the importance of cybersecurity.

As always industry experts are keen to use the event to offer views on the security landscape, here we round up some of their comments.

Continue reading →

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent, and Log4Shell traffic at a mere 4.3 percent, indicating a shift in threat actor strategy no longer prioritizing the vulnerability as a means of initial access.

Continue reading →

Cloud security company Sysdig is launching a new generative AI assistant specifically designed to help with cloud security.

Whereas standard AI chatbots are designed to answer a specific question using a single large language model (LLM) and stateless analysis, Sysdig Sage uses a unique human-to-AI controller that mediates user interactions with LLMs to provide more advanced, tailored recommendations.

Continue reading →

New analysis by Orca Security of scan results from its Cloud Security Platform reveals the top risks facing organizations this year.

The analysis of workload, configuration and identity data from real-world production cloud assets on Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Kubernetes and more identifies five of the most common, yet severe, cloud security risks which are found in many cloud environments.

Continue reading →

A new report from cyber asset visibility and management company JupiterOne shows numbers of enterprise cyber assets have increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.

Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent according to the report which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.

Continue reading →