Amazon S3 encrypts by default and The CircleCI Breach
Cloud Security News this week 14 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News According to recent study published by IEEE which I found interesting (which is the Institute of Electrical and Electronics Engineers around since 1963 apparently), “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industrial Internet of Things (IIoT) (33%) will be the five most important areas of technology of 2023” Late December, a security engineer at CircleCI received an email notification about a potential attack on his CircleCI account thanks to an AWS CanaryToken placed by him. On Jan 4th, CircleCI advised to rotate any and all secrets stored in CircleCI and published a blog outlining the various ways to do it. AWS announced on 5 Jan 2023, that Amazon S3 will now automatically apply server-side encryption for each new object. This has been welcomed by AWS users as a good compliance tick and also would assist with those pesky S3 bucket breaches which are still all too common. Unit 42 researchers from Palo Alto Networks recently released a report about Automated Libra, the cloud threat actor behind the freejacking campaign PurpleUrchin, reporting that they had created more than 130,000 accounts on free or limited-use cloud platforms such as Heroku and GitHub. Google has released reports sharing that API endpoints are increasing under attack mostly (no surprises here) due to API misconfigurations. According to their reports, many companies are intending to expand their real-time monitoring of API servers and using (AI/ML) systems to better discover flaws and detect attacks.
14 Jan 20236min
New Cloud Vulnerability Database + Another Misconfigured S3 Bucket
Cloud Security News this week 14 July 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
14 Juli 20225min
Dell Embraces Multi-cloud + Hackers use stolen OAuth
Cloud Security News this week 11 May 2022 Brought to you this week by JupiterOne To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
11 Maj 20226min
AWS Security Hub releases 5 new controls + Latest with Spring4shell
Cloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
13 Apr 20225min
What is Spring4shell? + Should we be concerned?
Cloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
7 Apr 20224min
Latest with Okta/Lapsus$ + Return of Log4J
Cloud Security News this week 30 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
30 Mars 20226min
All you need to know about the Okta and Microsoft breach
Cloud Security News this week 23 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
23 Mars 20225min
