News

News

• May 27, 2020 27 May'20

  McAfee: Attacks on cloud accounts up 630% during COVID-19

  Between January and April amid the COVID-19 pandemic, McAfee found usage of cloud collaboration apps and attacks seeking to steal account credentials both skyrocketed.

• January 24, 2020 24 Jan'20

  Google Cloud security gets boost with Secret Manager

  Google Cloud's new Secret Manager service augments its cloud security capabilities with an eye toward the needs of DevOps teams.

• January 23, 2020 23 Jan'20

  Microsoft misconfiguration exposed 250M customer service records

  Microsoft exposed 250 million customer support records on five Elasticsearch servers that had misconfigured Azure security rules, a Comparitech security research team found.

• December 12, 2019 12 Dec'19

  McAfee launches security tool Mvision Cloud for Containers

  Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers.

• December 03, 2019 03 Dec'19

  AWS Access Analyzer aims to limit S3 bucket exposures

  Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid accidentally exposing data stored in S3 buckets.

• Sponsored News

  • Keep out vulnerable third-party scripts that help steal data from your website

    Sponsored by Akamai - Visiting a website today, users gain access to a rich, interactive experience that is often customized to their preferences and enhanced for their convenience. See More

  • DDoS attacks are growing in frequency and scale during the pandemic. What can businesses do?

    Sponsored by Akamai - At a time when many businesses have their resources stretched to the limit, the scourge of distributed denial-of-service (DDoS) attacks has continued unabated and added to the difficulties faced by many during this ongoing pandemic. See More

  • Product Video: Page Integrity Manager

    Sponsored by Akamai - With modern web pages relying heavily on scripts to run services and access data, attackers are exploiting those scripts as a new attack vector to steal sensitive customer information. See More

  • Product Video: Web Application Protector

    Sponsored by Akamai - With limited security expertise, protecting your web applications is a daunting task. Web Application Protector provides automated web application firewall (WAF) and distributed denial-of-service (DDoS) protection that’s designed to offload the complexity associated with a traditional WAF. See More

  View All Sponsored News
• June 28, 2019 28 Jun'19

  Another Amazon S3 leak exposes Attunity data, credentials

  UpGuard security researchers found publicly exposed Amazon S3 buckets from data management firm Attunity, which included company credentials and data from enterprise clients.

• June 27, 2019 27 Jun'19

  AWS, customers tackle cloud misconfigurations and data exposures

  AWS re:Inforce, the cloud provider's inaugural security conference, addressed the problems of misconfigurations and data exposures with new tools, like Control Tower.

• June 20, 2019 20 Jun'19

  Threat Stack Cloud Security Platform adds application security

  Threat Stack Application Security Monitoring will bring security, visibility and protection to cloud-based architecture and applications, according to the vendor.

• June 03, 2019 03 Jun'19

  McAfee Database Security to improve Amazon RDS cloud security

  With its latest release, McAfee intends to improve Amazon RDS security and prevent cyberattacks with its new McAfee Database Security suite of cloud security products.

• May 30, 2019 30 May'19

  Palo Alto Networks launches Prisma, a cloud security suite

  Palo Alto Networks has launched its new cloud security suite called Prisma, comprised of four platforms -- Prisma Access, Prisma Public Cloud, Prisma SaaS and VM-Series.

• May 22, 2019 22 May'19

  G Suite passwords insecurely stored in two separate incidents

  Google disclosed two separate incidents in which G Suite passwords were stored insecurely, and in one of those incidents, the passwords were stored improperly for 14 years.

• May 21, 2019 21 May'19

  Coalfire adds 2 programs to its cloud security services

  Coalfire has launched Secure Cloud Automation Services and Cloud Security Strategy and Maturity Assessment programs to build out its cloud security services.

• December 07, 2018 07 Dec'18

  Critical Kubernetes vulnerability could have widespread effects

  News roundup: A critical Kubernetes vulnerability was found in the system's API server and could have a wide reach. Plus, ESET found 21 new Linux malware families, and more.

• October 04, 2018 04 Oct'18

  Palo Alto Networks buys cloud security startup RedLock

  Palo Alto Networks looks to bolster its cloud security portfolio with a $173 million acquisition of cloud security startup RedLock and integrate it with Evident.io technologies.

• August 09, 2018 09 Aug'18

  Netflix launches tool for monitoring AWS credentials

  At Black Hat 2018, a Netflix security engineer introduced a new open source tool designed to more effectively monitor AWS credentials in large cloud environments, like Netflix's.

• June 12, 2018 12 Jun'18

  Weight Watchers exposure due to unsecured Kubernetes console

  Security researchers discovered an unsecured Kubernetes console leading to a Weight Watchers exposure, but, allegedly, no personal data was leaked as a result of the issue.

• June 08, 2018 08 Jun'18

  Posting passwords on Trello leads to latest data exposure mess

  Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards.

• April 25, 2018 25 Apr'18

  SentinelOne extends to cloud environments with AnyCloud

  At RSA Conference 2018, SentinelOne CEO Tomer Weingarten talks with SearchSecurity about his company's shift to the cloud and what it means for endpoint security.

• April 23, 2018 23 Apr'18

  CyberArk warns of 'shadow admins' in cloud environments

  At RSA Conference 2018, CyberArk researchers described how threat actors are able to gain access to cloud environments and elevate privileges through 'shadow admins.'

• April 17, 2018 17 Apr'18

  Compromised cloud credentials still plaguing enterprises

  Why are enterprises still struggling with identity and access management in the cloud? Experts at RSA Conference discuss the issue and the risks posed by compromised credentials.

• February 01, 2018 01 Feb'18

  Challenges in cloud data security lead to a lack of confidence

  A new study on cloud data security provides insights into the shaken confidence in the cloud. Despite its increased use, payment and customer data still appears to be at risk.

• January 17, 2018 17 Jan'18

  Cloudflare Access takes on VPNs with reverse proxy approach

  Cloudflare takes inspiration from Google's BeyondCorp with a new service called Cloudflare Access, which aims to replace corporate VPNs and embrace perimeter-less security.

• November 28, 2017 28 Nov'17

  McAfee acquires cloud access security broker Skyhigh Networks

  In its first big post-Intel move, McAfee agreed to acquire Skyhigh Networks, a leading cloud access security broker, to strengthen its presence in the cloud security market.

• July 25, 2017 25 Jul'17

  G Suite security misconfigurations leave sensitive data exposed

  G Suite security faced similar issues to Amazon Web Services, as misconfigured access permissions could have exposed sensitive information from hundreds of Google Groups.

• July 19, 2017 19 Jul'17

  Users with public AWS S3 bucket policies receive warning

  Following a number of data leaks related to improper AWS S3 bucket policies, Amazon has begun sending warning emails to users with public permissions.

• February 14, 2017 14 Feb'17

  Tenable launches cloud-based vulnerability management platform

  At RSA Conference 2017, Tenable Network Security introduced a cloud-based vulnerability management platform called Tenable.io that allows users to import and export vulnerability data.

• February 13, 2017 13 Feb'17

  Skyhigh expands CASB model to IaaS platform protection, custom apps

  At RSA Conference 2017, Skyhigh Networks explained how it expanded its cloud access security broker model to include IaaS platforms and custom enterprise applications.

• February 13, 2017 13 Feb'17

  CSA: Custom applications creating new 'shadow cloud computing' risks

  The Cloud Security Alliance unveiled new research at RSA Conference 2017 that shows custom enterprise applications are creating shadow cloud computing risks for organizations.

• September 30, 2016 30 Sep'16

  Microsoft previews Project Springfield, Azure-based fuzz testing

  Microsoft's 'million-dollar bug detector' on offer in preview of Project Springfield, an Azure-based fuzz testing service announced at Ignite 2016.

• September 19, 2016 19 Sep'16

  Oracle acquires cloud access security broker Palerra

  At its OpenWorld Conference in San Francisco, Oracle announced an agreement to acquire cloud access security broker startup Palerra to get into the CASB market.

• September 14, 2016 14 Sep'16

  Cloud ransomware continues to rise, Netskope reports

  Netskope cloud report reveals growth in threat from cloud ransomware as infected enterprises average 26 files carrying malware, over half of infected files shared publicly.

• September 12, 2016 12 Sep'16

  Cloud POS provider Lightspeed reports security incident

  Cloud POS provider Lightspeed reports a 'security incident,' reminds customers to change passwords and developers to implement OAuth 2.0 for improved authentication.

• September 08, 2016 08 Sep'16

  Dropbox breach may be fueling phishing campaigns

  Phishing campaigns appear to be gearing up as email addresses and hashed passwords for more than 68 million Dropbox accounts circulate on dark web sites.

• September 01, 2016 01 Sep'16

  Dropbox passwords breach exposed 68 million users

  Confirming that 68 million Dropbox passwords were exposed in 2012, the cloud provider continued to urge users to update their credentials and enable two-factor authentication.

• August 31, 2016 31 Aug'16

  Ping: Distributed ledgers are the future of identity security

  SearchCloudSecurity's interview with Ping Identity CEO Andre Durand explores how distributed ledgers can be used for identity and access management.

• August 30, 2016 30 Aug'16

  Ping: It's time to address obstacles for identity as a service

  Ping Identity CEO Andre Durand talks with SearchCloudSecurity about the benefits of identity as a service as well as the issues holding back greater enterprise adoption of IDaaS.

• August 30, 2016 30 Aug'16

  Users urged to change Dropbox passwords and enable 2FA

  Cloud storage provider warns longtime users that it's time to change Dropbox passwords, as a precaution, after discovering an old set of Dropbox credentials was exposed -- in 2012.

• August 08, 2016 08 Aug'16

  Fireglass demonstrates techniques to beat AWS CloudTrail

  At Black Hat 2016, Fireglass researchers demonstrated how attackers can take advantage of AWS account jumping and abuse CloudTrail to hide their presence.

• July 15, 2016 15 Jul'16

  Microsoft wins email privacy court battle with U.S. government

  The U.S. Court of Appeals ruled in favor of Microsoft regarding a controversial email privacy case with the U.S. government that involves data stored in an offshore data center.

• July 13, 2016 13 Jul'16

  Cloud apps failing EU GDPR privacy regulation compliance so far

  Cloud apps and cloud customers face challenges in complying with the EU GDPR as the new data protection regulation is set to take effect in less than two years.

• June 30, 2016 30 Jun'16

  Cisco acquires cloud access security broker CloudLock for $293 million

  Cisco made a big move to increase its cloud security business with a $293 million acquisition of CloudLock, a startup in the cloud access security broker space.

• June 28, 2016 28 Jun'16

  CSA report shows frustrations with security alerts, endpoint agents

  New Cloud Security Alliance research shows growing fatigue with security alerts and endpoint agents, as well as growing adoption of IaaS and positive signs for Microsoft Azure.

• June 24, 2016 24 Jun'16

  IAM security heightened by cyberterrorism, nation-state attack concerns

  At the 2016 Cloud Identity Summit, security experts discussed how fears of nation-state attackers and APT groups are spurring a renewed focus on identity and access management.

• June 07, 2016 07 Jun'16

  Frank Abagnale: No technology can beat a social engineering attack

  SearchCloudSecurity talks with Frank Abagnale of Catch Me If You Can fame about the dangers of cybercrime and his work with the FBI as well as a new security startup.

• May 20, 2016 20 May'16

  RSA: Beware of ransomware attacks in the cloud

  RSA Security's Rashmi Knowles spoke with SearchCloudSecurity about how new ransomware attacks are targeting cloud service providers and what enterprises can do about it.

• April 28, 2016 28 Apr'16

  Secure cloud hosting: Why taking ownership is crucial

  Chase Cunningham of Armor spoke with SearchCloudSecurity at RSA Conference 2016 about the value of secure cloud hosting services, threat intelligence and more.

• March 21, 2016 21 Mar'16

  Netskope awarded patent for cloud visibility, governance

  Netskope earned a patent for its CASB services delivery method, which intelligently "steers" enterprise traffic to cloud apps and applies security controls to those apps.

• March 04, 2016 04 Mar'16

  CISOs discuss the value of cloud access security brokers

  Several CISOs discussed why cloud access security brokers are imperative to their respective enterprises during a panel discussion at RSA Conference 2016.

• March 02, 2016 02 Mar'16

  CASBs gaining momentum at RSA Conference 2016

  Cloud access security brokers are dominating the cloud security conversation at this year's RSA Conference. Here's what vendors are saying about CASBs.

• March 02, 2016 02 Mar'16

  Redundant cloud security controls creating headaches

  Trend Micro's Mark Nunnikhoven said enterprises are often forced to deploy distinct cloud security controls for each type of service they deploy, making security unmanageable.

• March 01, 2016 01 Mar'16

  Cloud providers weigh in on iPhone backdoor debate

  During a panel discussion at RSA Conference 2016, representatives from top cloud providers such as Google and Microsoft discussed the legal battle between Apple and the FBI over encrypted data.

• February 29, 2016 29 Feb'16

  Cloud malware leads to high-speed impact

  During the CSA Summit at At RSA’s 2016 Conference, Netskope warned how cloud synchronization services can spread malware infection throughout an enterprise.

• February 10, 2016 10 Feb'16

  Insider edition: How to contain a cloud, and other cloud safety concerns

  Now that enterprise data is stored in clouds of all shapes and sizes, IT needs to provide more security options than ever. This ezine supplement focuses on the issue of cloud safety and zones in on three of the latest cloud developments and their ...

• February 03, 2016 03 Feb'16

  Privacy Shield to replace Safe Harbor framework

  The EU and U.S. agree on Privacy Shield as the replacement for the Safe Harbor framework for transatlantic data flows, though questions remain over privacy protection details.

• February 01, 2016 01 Feb'16

  Readers' top picks for cloud security products

  What companies and cloud security products do organizations consider when they see to reduce their cloud vulnerabilities?

• January 28, 2016 28 Jan'16

  Industry group says FedRAMP certification process is 'broken'

  An advocacy group representing cloud providers such as Hewlett Packard Enterprise and IBM has criticized FedRAMP and called on the government to fix the cloud certification program.

• January 22, 2016 22 Jan'16

  LostPass security researcher questions LastPass responses

  The security researcher behind the LostPass phishing attack on LastPass has criticized the company's reaction and responses to his findings.

• January 19, 2016 19 Jan'16

  'LostPass' phishing attack targets LastPass credentials

  A new proof-of-concept attack presented at ShmooCon 2016 exploits security weaknesses in cloud-based password manager LastPass and could allow attackers to gain control of users' accounts.

• January 13, 2016 13 Jan'16

  RSA president outlines cloud security strategy, IDaaS plans

  RSA President Amit Yoran discusses how the security vendor is changing its focus and explains how cloud security will play an important role in RSA's new strategy.

• December 16, 2015 16 Dec'15

  Spy Banker Trojan takes advantage of Google cloud servers

  Security researchers at Zscaler discovered a new Spy Banker Trojan campaign that's leveraging Google's public cloud services as a hosting platform.

• December 10, 2015 10 Dec'15

  Pulse Secure readying Cloud Secure offering

  Following its split from Juniper Networks, Pulse Secure looks to take on cloud access and authentication problems with a new product.

• December 03, 2015 03 Dec'15

  Chinese APT group abused Dropbox to spread LOWBALL malware

  FireEye researchers discovered an advanced persistent threat group that used Dropbox to launch a spear phishing campaign against Hong Kong media companies.

• November 24, 2015 24 Nov'15

  Blue Coat merges CASBs with Web gateway security

  After acquiring two cloud access security brokers this year, Blue Coat Systems has united CASB capabilities with its Web gateway security technology under a new cloud security strategy.

• November 10, 2015 10 Nov'15

  Blue Coat acquires Elastica in $280 million CASB deal

  After acquiring Perspecsys this summer, Blue Coat Systems makes another CASB deal for Elastica to further strengthen its cloud security presence.

• November 06, 2015 06 Nov'15

  Dropbox Enterprise launches with new security features

  Dropbox stepped up its security offerings this week with the introduction of Dropbox Enterprise and several new cloud security controls for business customers.

• October 30, 2015 30 Oct'15

  Xen hypervisor security flaw patched after seven years

  A critical Xen hypervisor security flaw that allows attackers to access host operating systems and had gone undiscovered for several years was finally patched this week.

• October 28, 2015 28 Oct'15

  Intel pulls the plug on McAfee SaaS security products

  Intel Security unexpectedly moved several McAfee SaaS endpoint and email security products to end of life just prior to announcing a new corporate strategy this week.

• October 23, 2015 23 Oct'15

  Government surveillance, cloud growth at an impasse

  The negative effects of U.S. government surveillance have put cloud providers in a tough spot and left security vendors scrambling for better privacy protections.

• October 02, 2015 02 Oct'15

  Rackspace launches compliance assistance and managed security services

  Following its shift to a managed cloud services model, Rackspace has moved into the managed security and compliance services space.

• October 01, 2015 01 Oct'15

  Experts: It's time to rethink cloud data privacy protection

  Brian Krebs, Art Coviello and Kris Lovejoy tackle government conflicts and cybersecurity shortcomings at the Privacy. Security. Risk. 2015 event.

• September 30, 2015 30 Sep'15

  Skyhigh Networks obtains cloud security patent for CASB platform

  Skyhigh Networks' patented method for providing cloud access security broker services uses a reverse proxy mode to provide authentication and policy controls.

• September 25, 2015 25 Sep'15

  Coviello tackles cloud privacy, government's key escrow plan

  Former RSA chairman Art Coviello said the U.S. government and cybersecurity industry need to work together to solve growing issues around cloud security and privacy.

• September 18, 2015 18 Sep'15

  Palo Alto Networks enters cloud security gateway market

  Palo Alto Networks has launched its own CASB offering called Aperture, which aims to provide SaaS security controls for enterprises.

• September 10, 2015 10 Sep'15

  CASB roundup: Microsoft confirms Adallom buy, Netskope raises $75M

  In recent CASB market news, Microsoft confirms a major acquisition and Netskope raises its biggest round of venture capital funding yet.

• September 03, 2015 03 Sep'15

  New iOS malware targets jailbroken devices, iCloud accounts

  Security researchers discovered a new type of iOS malware that targets jailbroken devices and can allow attackers to take over the devices via iCloud.

• August 11, 2015 11 Aug'15

  CASB market surging behind acquisitions, investments

  Startups are dominating the suddenly-hot cloud access security broker market. Now larger vendors are eager to join the party, but will they buy a CASB or build their own cloud security gateway?

• July 24, 2015 24 Jul'15

  Microsoft-Adallom deal poised to impact cloud security gateway market

  Microsoft reportedly agreed to acquire cloud security startup Adallom for $320 million, which analysts say could spark major growth for the cloud security gateway market.

• July 17, 2015 17 Jul'15

  Healthcare cloud usage leading to security concerns

  Healthcare organizations are increasing their cloud service usage, but is the cloud making them safer or creating more security issues?

• July 09, 2015 09 Jul'15

  Indian government leaked shadow data through Google Drive

  Researchers at Elastica recently discovered an Indian government agency had its employees' email addresses and passwords exposed through Google Drive.

• June 30, 2015 30 Jun'15

  Cisco to acquire cloud security firm OpenDNS

  Cisco added another major piece to its growing security portfolio with an agreement to acquire cloud security provider OpenDNS.

• June 30, 2015 30 Jun'15

  Security vendors, cloud providers rally around cloud identity standards

  Open standards around identity and authentication are gaining popularity. So what -- and who -- is driving the movement?

• June 19, 2015 19 Jun'15

  DLP policy violations highlight cloud storage security concerns

  A new report from Netskope finds copious DLP violations in enterprises' cloud apps due to insufficient cloud storage security.

• June 16, 2015 16 Jun'15

  LastPass suffers data breach, customer password hashes exposed

  LastPass, a cloud-based password manager, disclosed that it had suffered a data breach and that customer email addresses, password hashes and other information were compromised.

• June 09, 2015 09 Jun'15

  Ping eyes improved cloud identity security with new platform

  At the Cloud Identity Summit this week, Ping introduced a new platform as well as support for the Apple Watch and Yubico's YubiKey.

• June 08, 2015 08 Jun'15

  Enterprises creating 'shadow data' through cloud storage services

  A new study from cloud access security broker Elastica shows a growing amount of shadow data is leaking out of enterprises via cloud services.

• June 02, 2015 02 Jun'15

  Symantec breaks into the cloud DLP market, teams with Box

  Symantec looks to strengthen cloud security presence by launching Data Loss Prevention 14 and teaming up with Box.

• May 28, 2015 28 May'15

  Synology cloud sync vulnerability exposes OS X systems

  A vulnerability in a cloud sync application was disclosed this week that could allow hackers to gain control of OS X systems.

• May 13, 2015 13 May'15

  Bugs, lack of support lead to Tor Cloud Project shutdown

  Tor Project shuts down its AWS bridge effort, Tor Cloud, but encouraged developers to set up their own Tor bridges to promote anonymous cloud usage.

• May 13, 2015 13 May'15

  VENOM zero-day vulnerability strikes virtual machine security

  CrowdStrike security researchers discovered a major bug that could impact a wide range of commonly-used virtualization platforms.

• May 08, 2015 08 May'15

  Cloud access security brokers team up with HP, Cisco

  Cloud access security brokers Adallom and Elastica recently struck major partnerships with Hewlett-Packard and Cisco, respectively, to improve SaaS security and cloud visibility.

• May 01, 2015 01 May'15

  Microsoft looks at best -- and worst -- practices for Azure security

  Azure CTO Mark Russinovich offered a behind-the-scenes look at Microsoft's cloud security practices and customer case studies at RSA Conference 2015.

• April 23, 2015 23 Apr'15

  Microsoft looks to boost Azure security with bug bounties

  At RSA Conference 2015 Microsoft expanded its bug bounties. The program will now include three new products, including Azure and Hyper-V.

• April 22, 2015 22 Apr'15

  Cloud privacy, security improving, but obstacles remain

  At RSA Conference 2015 security officials from Microsoft, Google and more discussed cloud security and privacy improvements and top threats today.

• April 21, 2015 21 Apr'15

  Charney: Cloud computing transparency, control key to better security

  At RSA Conference 2015, Microsoft's Scott Charney said cloud security products are the future, but to gain the trust of enterprise customers, they need to offer better cloud computing transparency and control.

• April 21, 2015 21 Apr'15

  Amazon, Google highlight cloud provider security issues at RSAC 2015

  Amazon, Google, Microsoft and others discussed a range of cloud security issues during a panel discussion at RSA Conference 2015.

• April 21, 2015 21 Apr'15

  Qualys introduces new Web application firewall, cloud agent at RSA 2015

  Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform.

• April 20, 2015 20 Apr'15

  CSA, (ISC)2 introduce new cloud security certification

  The Cloud Security Alliance and the International Information Systems Security Certification Consortium introduced a new, jointly developed cloud security certification.

• April 17, 2015 17 Apr'15

  Cloud security investments spike prior to RSA Conference 2015

  Top venture capital firms and IT companies have invested more than $200 million total on several cloud security startups in recent weeks, particularly the emerging field of cloud access security brokers.

• April 09, 2015 09 Apr'15

  CipherCloud launches free cloud compliance resource center

  CipherCloud's new Global Compliance Resource Center aims to clear up the confusion around global compliance and data privacy protection laws as they pertain to the cloud.

• April 02, 2015 02 Apr'15

  Cloud visibility a top concern ahead of RSA Conference 2015

  In the cloud security realm, experts say improved cloud visibility and big data analytics are expected to be major themes at this year's RSA Conference.