The benefits to be had from cloud technologies are promoted to any and every business these days — from bakeries to banks. Meanwhile, computer clouds have progressed through several evolution steps already, and the generic term cloud now describes a number of essentially different approaches. Therefore, it makes sense to figure out specifically which cloud technology your company needs, what the cost should be, and what security measures need to be in place.

Cloud benefits

In the general sense, cloud technologies imply the use of certain computer resources (data storage capacity, computing power, or a specific app) distributed from a remote server via the internet. You're using cloud solutions when editing a document in Google Docs, launching a site on a virtual hosting platform, or sending an e-mail through Microsoft 365. Clouds have the following main advantages:

- Speedy launch of apps and services: you can begin using cloud services almost instantly without procuring any servers or installing any apps.
- Financial flexibility: you pay only for the services you use, without any capital investment whatsoever.
- Easy scalability: you can increase server capacity in a matter of minutes, or roll it back to the previous performance and price levels just as easily when no longer needed.

Cloud types: private, public, and hybrid

The public cloud concept implies that the computing capacities are owned by a commercial provider, which sells them piecemeal to anyone who wants them. If a company wants to have high-performance computing resources and bulletproof availability, or follows strict data-processing environment requirements, it may procure the necessary infrastructure for its sole use. This is called a private cloud. Servers can reside within the organization's perimeter (on premises) for greater security, or be leased from a commercial data processing center (hosted private cloud). Hybrid clouds combine the two approaches, keeping data and services in either the public or the private part of the cloud depending on their importance.

SaaS, IaaS, and assorted other aaS

All abbreviations ending in aaS denote things provided as a service. The most popular one, SaaS, stands for software as a service. All the popular application services — including Microsoft 365, Dropbox, Slack, Zoom, and Salesforce — are SaaS. The user pays for a particular solution without paying any attention to what servers and apps are behind it or where it resides. DBaaS, PaaS and FaaS, which are commonly used in software development, work the same way: these services, via the cloud, provide databases, platforms, and functions for new apps, respectively. But those are beyond the scope of this blog post.

At the other end of the complexity scale, there's IaaS — infrastructure as a service. In this case, the cloud provider supplies virtual servers or containers in which clients run server applications by themselves. Clients can change server count and capacity in just a few clicks, but they also need to employ their own configuration and maintenance professionals to make the whole thing work.

For those preferring to have their own servers, but unwilling to build a data processing center, there's DCaaS — data center as a service. The provider supplies the space, cooling and the rest of the engineering infrastructure, but the physical computers belong to the client organization.

SaaS services always operate in a public cloud, whereas IaaS may be public, private, or hybrid.

Cloud solution costs

Although many cloud deployments require very limited initial investments, one should pay close attention to calculating the total cost of ownership (TCO) and its growth as the workload increases. Costs to consider include the cloud provider's services, equipment for on-premises solutions, salaries of IT administrators and developers, and licenses for related apps and services. Public clouds usually provide an inexpensive and quick way to deploy small solutions, but private or hybrid clouds become increasingly attractive as a company grows in size.

Cloud solution risks

Cloud providers tend to advertise security as one of their key advantages, but security is far from being an inherent property of the cloud. Moreover, cloud solutions bring new types of risks. The main risk: lack of both awareness and vigilance. Users — even IT administrators for that matter — believe that their cloud system is automatically protected, with everything taken care of by the cloud provider; therefore, they hardly even consider security. But in reality the cloud provider is unable to solve some issues, so these need to be addressed by the client organization. Here is a list of the main cloud service risks:

- Misconfiguration. Every SaaS/IaaS solution features dozens — sometimes even hundreds or thousands — of adjustable settings, making it easy for the administrator to make mistakes, for example, by leaving an important database exposed to the internet, or by failing to block access to privileged functions. Cloud solutions from different providers have different — and not wholly compatible — configuration settings, so even competent administrators may find it hard to ensure the integrity of security policies. The misconfiguration problem has been accountable for most of the high-profile data leaks in recent years. This problem is relevant for SaaS; acutely so for IaaS/DCaaS.
- Leakage of account details. Gaining access to information in a cloud is easy — but this advantage turns into a disadvantage as soon as your employee's password ends up in the hands of threat actors. They can get hold of account data using phishing, by brute-forcing a weak password, or by taking passwords from a data leak at a third-party service and trying them against the user's corporate accounts. This problem is relevant for all cloud types.
- Legal issues. In cloud environments, it's more difficult to comply with legal data storage requirements; for example, not to send clients' personal data abroad, or to have particular safety measures in place at data centers. In some cases, it's not clear at all in which country the data is stored.
- Insufficient monitoring. Organizations often find that the cybersecurity, access control, and data-leak prevention tools they use across their office networks don't work in cloud environments. As a result, cloud system events (including logging in and downloading large volumes of data) may go unnoticed for weeks or even months. This problem is relevant for all cloud types.
- Accidental data leaks. Careless use of the share function can make internal information accessible to outsiders.
- Vulnerabilities. Server apps are often found to contain vulnerabilities, and attackers find it convenient to exploit them in cloud environments. Firstly, cloud solutions can be accessed via the internet, and secondly, they're often all configured in the same way — making it easy to replicate a successful attack against new victims. In SaaS, all vulnerabilities must be patched by the provider, with few or no options left for the user. In IaaS, the client's IT service deals with most of the issues, and they must be really quick about it.

The correct cloud strategy

Choice of the most appropriate strategy varies greatly depending on your organization's size, IT maturity, and objectives. The strategy must take into account whether the IT system was created from scratch or migrated from a cloudless system, what scale of operations needs to be ensured from day one, how to accommodate the regulator's requirements, and so on. Don't forget to plan out your security measures early on in the project and to use specialized security systems for cloud environments.

Here's a brief summary table to help you estimate the costs, complexity and risks (each row is rated from + to +++++):

| | SaaS | IaaS | DCaaS |
|---|---|---|---|
| Deployment costs | + | ++ | ++++ |
| Scaling speed | ++++ | +++ | ++ |
| IT/information security support costs | + | +++ | ++++ |
| Costs in case of a major surge in volumes/usage | +++++ | +++ | ++ |
| Support complexity for IT specialists | + | +++ | ++++ |
| Support complexity for information security specialists | ++ | ++++ | +++ |
| Information security risk level | ++ | +++ | +++ |
| Information security incident investigation and correction complexity | ++++ | +++ | ++ |
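As an added example (not from the original article), the following Python script runs two of the checks implied by the risk list above over constructed records: an inventory scan for resources left open to the whole internet or with a privileged interface exposed, and a sliding-window tally of downloads per account that catches the large data pulls the monitoring item says often go unnoticed. All field names, thresholds and records are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory records (hypothetical field names modelled on what a
# cloud API returns): an ACL open to every address, a bucket readable by the
# public without anyone marking that as intended, and a public admin interface.
INVENTORY = [
    {"id": "db-prod-01", "kind": "database", "allowed_cidrs": ["10.0.0.0/8"]},
    {"id": "db-analytics", "kind": "database", "allowed_cidrs": ["0.0.0.0/0"]},
    {"id": "bucket-backups", "kind": "storage", "public_read": True},
    {"id": "bucket-assets", "kind": "storage", "public_read": True,
     "intended_public": True},
    {"id": "k8s-mgmt", "kind": "cluster", "allowed_cidrs": ["203.0.113.0/24"],
     "admin_api_public": True},
]

# Constructed audit-log lines: timestamp,action,user,source_ip,bytes
EVENTS = [
    "2023-05-23T08:01:10Z,login,alice,198.51.100.7,0",
    "2023-05-23T08:05:00Z,download,alice,198.51.100.7,52428800",   # 50 MiB
    "2023-05-23T08:06:00Z,download,alice,198.51.100.7,734003200",  # 700 MiB
    "2023-05-23T09:30:00Z,download,alice,198.51.100.7,629145600",  # 600 MiB
    "2023-05-23T22:40:00Z,login,bob,203.0.113.9,0",
    "2023-05-23T22:41:30Z,download,bob,203.0.113.9,5368709120",    # 5 GiB
    "2023-05-23T23:10:00Z,download,bob,203.0.113.9,209715200",     # 200 MiB
]

ANY_ADDRESS = {"0.0.0.0/0", "::/0"}


def find_exposed(inventory):
    """Return (resource id, reason) pairs for settings that open a resource
    to the internet; public access that is explicitly intended is skipped."""
    findings = []
    for res in inventory:
        rid = res["id"]
        if ANY_ADDRESS & set(res.get("allowed_cidrs", [])):
            findings.append((rid, "network ACL allows every source address"))
        if res.get("public_read") and not res.get("intended_public"):
            findings.append((rid, "public read access without an explicit intent flag"))
        if res.get("admin_api_public"):
            findings.append((rid, "privileged admin interface reachable from the internet"))
    return findings


def flag_bulk_downloads(lines, window_hours=1, threshold_bytes=1 << 30):
    """Sum bytes downloaded per user inside a sliding window and return
    (user, source_ip, timestamp, total_bytes) when the total crosses the
    threshold; the window is reset after an alert so bytes are not reported twice."""
    alerts = []
    history = defaultdict(list)  # user -> [(timestamp, bytes)] within the window
    for line in lines:
        ts_text, action, user, src_ip, size = line.split(",")
        if action != "download":
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
        recent = history[user]
        recent.append((ts, int(size)))
        cutoff = ts - timedelta(hours=window_hours)
        recent[:] = [(t, b) for t, b in recent if t >= cutoff]
        total = sum(b for _, b in recent)
        if total >= threshold_bytes:
            alerts.append((user, src_ip, ts_text, total))
            recent.clear()
    return alerts
```

With the constructed data, only bob's 5 GiB pull trips the default 1 GiB threshold; alice's three downloads never exceed it within any one-hour window.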
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.
A press release published yesterday by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convict, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.
The use of legitimate websites for masking malicious URLs to avoid detection and minimize suspicion is a technique that cybercriminals have used for a long time. These websites are often used as referrer URLs that redirect to the malicious URLs.
ASEC’s AhnLab discovered a spam email campaign that distributes the DarkCloud info-stealer malware. The email contents urge recipients to review the attached payment statement, which purportedly pertains to their company account. Additionally, the threat actor installs ClipBanker on infected devices to steal a user’s crypto wallet address.
This threat activity employs open redirect abuse, varied email senders, and URL randomization to bypass email security measures. The monthly volume of this activity more than doubled in three out of the past four months.
Cybersecurity experts from ESET made this discovery, uncovering a variant of AhMyth, an open-source remote administration tool capable of extracting sensitive data from Android devices.
The accounts of the system administrator and database administrator were also compromised along with 11 other accounts and several gadgets used by the IIB staff, police said.
President Joe Biden has tapped Air Force Lt. Gen. Timothy Haugh to serve as the new chief of U.S. Cyber Command and the National Security Agency, two sources familiar with the decision told The Record.
Amazon Pharmacy’s PillPack arm recently began informing a subset of users that their accounts were accessed by an unknown actor. Of the 19,032 hacked accounts, 3,614 contained prescription information.
Cyware today announced the appointment of two industry veterans, Brett Candon as VP Europe, and Dan Bridges as Technical Director Europe, to lead Cyware’s launch in the European region.
Jessica Berlin, an independent policy and security consultant, noted that there is no international security without cybersecurity and called for a private sector task force to defend democracies in general elections and public information.
"This recent update demonstrates a widening of scope, with new capabilities such as the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications," Cado Labs researcher Matt Muir said.
As per a new report, despite the recognition of business threats posed by cyberattacks, UK CEOs have a lower level of understanding of cybersecurity risks than their international counterparts, with just 16% saying they have a complete understanding.
Point32Health, one of New England’s largest health insurers, notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack.
The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware.
Security analysts at Scam Sniffer exposed a crypto phishing and scam service Inferno Drainer that swindled about $5.9 million worth of cryptocurrencies from 4,888 victims. It reportedly crafted over 689 counterfeit websites since March 27, 2023. Deploy a real-time anti-scam protection solution for internet users across organizational networks.
Tel Aviv-based cybersecurity company ClearSky attributes these attacks “with a low confidence” to the Iranian nation-state hacker group Tortoiseshell, also called TA456 and Imperial Kitten. The threat actor has been active since at least July 2018.
Law enforcement and regulatory action over the past year in the US most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022.
OAuth-related vulnerabilities found in the widely used application development framework Expo could have been exploited to take control of user accounts, according to API security firm Salt Security.
The Israel-based real-time website impersonation detection and prevention solution provider has completed a $10 million seed round led by Capri Ventures and Venture Guides.
Latvian network equipment manufacturer MikroTik has shipped a patch for a major security defect in its RouterOS product and confirmed the vulnerability was exploited five months ago at the Pwn2Own Toronto hacking contest.
The ransomware threat is still very much alive, with 85% of organizations having suffered from at least one such attack over the past 12 months, according to Veeam’s 2023 Ransomware Trends Report.
An "unauthorized third party" broke into "select Apria systems" containing personal information from April 5, 2019, to May 7, 2019, and then a second time from August 27, 2021, to October 10, 2021, according to the alert.
Trend Micro revealed that the BlackCat ransomware group is using a signed kernel driver for evasion tactics. The driver was utilized in conjunction with a separate user client executable, with the intention of manipulating, pausing, and terminating specific processes associated with the security on the targeted endpoints. Windows admins must ensure that 'Driver Signature Enforcement' is enabled.
Debian Linux Security Advisory 5410-1 - Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent library, which could result in denial of service.
Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
Ubuntu Security Notice 6074-3 - USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploit this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a denial of service.
Ubuntu Security Notice 6101-1 - It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that GNU binutils did not properly verify the version definitions in a zero-length verdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04.
Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.
Roxy WI version 6.1.0.0 remote command execution exploit. This is a variant of the original disclosure of remote command execution in this version by Nuri Cilengir in April of 2023.
Ubuntu Security Notice 6102-1 - It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu 20.04 LTS. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 5996-2 - USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6098-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Ubuntu Security Notice 6042-2 - USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Incident response playbooks and frameworks are leaving defenders ill-equipped to recover from the increasing number of successful cyberattacks. Developments in AI offer a new way for stretched teams to manage security incidents and heal swiftly.
DryRun security seeks to bridge the gap between developers and security professionals by automating security analysis in code reviews before deployment.
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware. "The
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such as the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,"
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected