News
News
- May 27, 2020
27 May'20
McAfee: Attacks on cloud accounts up 630% during COVID-19
Between January and April amid the COVID-19 pandemic, McAfee found usage of cloud collaboration apps and attacks seeking to steal account credentials both skyrocketed.
- January 24, 2020
24 Jan'20
Google Cloud security gets boost with Secret Manager
Google Cloud's new Secret Manager service augments its cloud security capabilities with an eye toward the needs of DevOps teams.
- January 23, 2020
23 Jan'20
Microsoft misconfiguration exposed 250M customer service records
Microsoft exposed 250 million customer support records on five Elasticsearch servers that had misconfigured Azure security rules, a Comparitech security research team found.
-
- December 12, 2019
12 Dec'19
McAfee launches security tool Mvision Cloud for Containers
Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers.
- December 03, 2019
03 Dec'19
AWS Access Analyzer aims to limit S3 bucket exposures
Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid accidentally exposing data stored in S3 buckets.
-
Sponsored News
-
VMC on AWS can ease Thai concerns about cloud security cost
Sponsored by VMware - Adopting a cloud strategy with VMC and AWS will address worries businesses share about the loss of control over cost, security, and systems when they move to the cloud. See More
-
It’s Time to Modernize Your SOC
Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More
-
Consumers' move towards digital services push Thai firms to cloud
Sponsored by VMware - To tap growing consumption of online services, businesses in Thailand are looking to VMC on AWS to help them move more cost effectively and easily to the cloud. See More
-
6 Factors to Consider in Building Resilience Now
Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More
-
- June 28, 2019
28 Jun'19
Another Amazon S3 leak exposes Attunity data, credentials
UpGuard security researchers found publicly exposed Amazon S3 buckets from data management firm Attunity, which included company credentials and data from enterprise clients.
- June 27, 2019
27 Jun'19
AWS, customers tackle cloud misconfigurations and data exposures
AWS re:Inforce, the cloud provider's inaugural security conference, addressed the problems of misconfigurations and data exposures with new tools, like Control Tower.
- June 20, 2019
20 Jun'19
Threat Stack Cloud Security Platform adds application security
Threat Stack Application Security Monitoring will bring security, visibility and protection to cloud-based architecture and applications, according to the vendor.
- June 03, 2019
03 Jun'19
McAfee Database Security to improve Amazon RDS cloud security
With its latest release, McAfee intends to improve Amazon RDS security and prevent cyberattacks with its new McAfee Database Security suite of cloud security products.
- May 30, 2019
30 May'19
Palo Alto Networks launches Prisma, a cloud security suite
Palo Alto Networks has launched its new cloud security suite called Prisma, comprised of four platforms -- Prisma Access, Prisma Public Cloud, Prisma SaaS and VM-Series.
-
- May 22, 2019
22 May'19
G Suite passwords insecurely stored in two separate incidents
Google disclosed two separate incidents in which G Suite passwords were stored insecurely, and in one of those incidents, the passwords were stored improperly for 14 years.
- May 21, 2019
21 May'19
Coalfire adds 2 programs to its cloud security services
Coalfire has launched Secure Cloud Automation Services and Cloud Security Strategy and Maturity Assessment programs to build out its cloud security services.
- December 07, 2018
07 Dec'18
Critical Kubernetes vulnerability could have widespread effects
News roundup: A critical Kubernetes vulnerability was found in the system's API server and could have a wide reach. Plus, ESET found 21 new Linux malware families, and more.
- October 04, 2018
04 Oct'18
Palo Alto Networks buys cloud security startup RedLock
Palo Alto Networks looks to bolster its cloud security portfolio with a $173 million acquisition of cloud security startup RedLock and integrate it with Evident.io technologies.
- August 09, 2018
09 Aug'18
Netflix launches tool for monitoring AWS credentials
At Black Hat 2018, a Netflix security engineer introduced a new open source tool designed to more effectively monitor AWS credentials in large cloud environments, like Netflix's.
- June 12, 2018
12 Jun'18
Weight Watchers exposure due to unsecured Kubernetes console
Security researchers discovered an unsecured Kubernetes console leading to a Weight Watchers exposure, but, allegedly, no personal data was leaked as a result of the issue.
- June 08, 2018
08 Jun'18
Posting passwords on Trello leads to latest data exposure mess
Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards.
- April 25, 2018
25 Apr'18
SentinelOne extends to cloud environments with AnyCloud
At RSA Conference 2018, SentinelOne CEO Tomer Weingarten talks with SearchSecurity about his company's shift to the cloud and what it means for endpoint security.
- April 23, 2018
23 Apr'18
CyberArk warns of 'shadow admins' in cloud environments
At RSA Conference 2018, CyberArk researchers described how threat actors are able to gain access to cloud environments and elevate privileges through 'shadow admins.'
- April 17, 2018
17 Apr'18
Compromised cloud credentials still plaguing enterprises
Why are enterprises still struggling with identity and access management in the cloud? Experts at RSA Conference discuss the issue and the risks posed by compromised credentials.
- February 01, 2018
01 Feb'18
Challenges in cloud data security lead to a lack of confidence
A new study on cloud data security provides insights into the shaken confidence in the cloud. Despite its increased use, payment and customer data still appears to be at risk.
- January 17, 2018
17 Jan'18
Cloudflare Access takes on VPNs with reverse proxy approach
Cloudflare takes inspiration from Google's BeyondCorp with a new service called Cloudflare Access, which aims to replace corporate VPNs and embrace perimeter-less security.
- November 28, 2017
28 Nov'17
McAfee acquires cloud access security broker Skyhigh Networks
In its first big post-Intel move, McAfee agreed to acquire Skyhigh Networks, a leading cloud access security broker, to strengthen its presence in the cloud security market.
- July 25, 2017
25 Jul'17
G Suite security misconfigurations leave sensitive data exposed
G Suite security faced similar issues to Amazon Web Services, as misconfigured access permissions could have exposed sensitive information from hundreds of Google Groups.
- July 19, 2017
19 Jul'17
Users with public AWS S3 bucket policies receive warning
Following a number of data leaks related to improper AWS S3 bucket policies, Amazon has begun sending warning emails to users with public permissions.
- February 14, 2017
14 Feb'17
Tenable launches cloud-based vulnerability management platform
At RSA Conference 2017, Tenable Network Security introduced a cloud-based vulnerability management platform called Tenable.io that allows users to import and export vulnerability data.
- February 13, 2017
13 Feb'17
Skyhigh expands CASB model to IaaS platform protection, custom apps
At RSA Conference 2017, Skyhigh Networks explained how it expanded its cloud access security broker model to include IaaS platforms and custom enterprise applications.
- February 13, 2017
13 Feb'17
CSA: Custom applications creating new 'shadow cloud computing' risks
The Cloud Security Alliance unveiled new research at RSA Conference 2017 that shows custom enterprise applications are creating shadow cloud computing risks for organizations.
- September 30, 2016
30 Sep'16
Microsoft previews Project Springfield, Azure-based fuzz testing
Microsoft's 'million-dollar bug detector' on offer in preview of Project Springfield, an Azure-based fuzz testing service announced at Ignite 2016.
- September 19, 2016
19 Sep'16
Oracle acquires cloud access security broker Palerra
At its OpenWorld Conference in San Francisco, Oracle announced an agreement to acquire cloud access security broker startup Palerra to get into the CASB market.
- September 14, 2016
14 Sep'16
Cloud ransomware continues to rise, Netskope reports
Netskope cloud report reveals growth in threat from cloud ransomware as infected enterprises average 26 files carrying malware, over half of infected files shared publicly.
- September 12, 2016
12 Sep'16
Cloud POS provider Lightspeed reports security incident
Cloud POS provider Lightspeed reports a 'security incident,' reminds customers to change passwords and developers to implement OAuth 2.0 for improved authentication.
- September 08, 2016
08 Sep'16
Dropbox breach may be fueling phishing campaigns
Phishing campaigns appear to be gearing up as email addresses and hashed passwords for more than 68 million Dropbox accounts circulate on dark web sites.
- September 01, 2016
01 Sep'16
Dropbox passwords breach exposed 68 million users
Confirming that 68 million Dropbox passwords were exposed in 2012, the cloud provider continued to urge users to update their credentials and enable two-factor authentication.
- August 31, 2016
31 Aug'16
Ping: Distributed ledgers are the future of identity security
SearchCloudSecurity's interview with Ping Identity CEO Andre Durand explores how distributed ledgers can be used for identity and access management.
- August 30, 2016
30 Aug'16
Ping: It's time to address obstacles for identity as a service
Ping Identity CEO Andre Durand talks with SearchCloudSecurity about the benefits of identity as a service as well as the issues holding back greater enterprise adoption of IDaaS.
- August 30, 2016
30 Aug'16
Users urged to change Dropbox passwords and enable 2FA
Cloud storage provider warns longtime users that it's time to change Dropbox passwords, as a precaution, after discovering an old set of Dropbox credentials was exposed -- in 2012.
- August 08, 2016
08 Aug'16
Fireglass demonstrates techniques to beat AWS CloudTrail
At Black Hat 2016, Fireglass researchers demonstrated how attackers can take advantage of AWS account jumping and abuse CloudTrail to hide their presence.
- July 15, 2016
15 Jul'16
Microsoft wins email privacy court battle with U.S. government
The U.S. Court of Appeals ruled in favor of Microsoft regarding a controversial email privacy case with the U.S. government that involves data stored in an offshore data center.
- July 13, 2016
13 Jul'16
Cloud apps failing EU GDPR privacy regulation compliance so far
Cloud apps and cloud customers face challenges in complying with the EU GDPR as the new data protection regulation is set to take effect in less than two years.
- June 30, 2016
30 Jun'16
Cisco acquires cloud access security broker CloudLock for $293 million
Cisco made a big move to increase its cloud security business with a $293 million acquisition of CloudLock, a startup in the cloud access security broker space.
- June 28, 2016
28 Jun'16
CSA report shows frustrations with security alerts, endpoint agents
New Cloud Security Alliance research shows growing fatigue with security alerts and endpoint agents, as well as growing adoption of IaaS and positive signs for Microsoft Azure.
- June 24, 2016
24 Jun'16
IAM security heightened by cyberterrorism, nation-state attack concerns
At the 2016 Cloud Identity Summit, security experts discussed how fears of nation-state attackers and APT groups are spurring a renewed focus on identity and access management.
- June 07, 2016
07 Jun'16
Frank Abagnale: No technology can beat a social engineering attack
SearchCloudSecurity talks with Frank Abagnale of Catch Me If You Can fame about the dangers of cybercrime and his work with the FBI as well as a new security startup.
- May 20, 2016
20 May'16
RSA: Beware of ransomware attacks in the cloud
RSA Security's Rashmi Knowles spoke with SearchCloudSecurity about how new ransomware attacks are targeting cloud service providers and what enterprises can do about it.
- April 28, 2016
28 Apr'16
Secure cloud hosting: Why taking ownership is crucial
Chase Cunningham of Armor spoke with SearchCloudSecurity at RSA Conference 2016 about the value of secure cloud hosting services, threat intelligence and more.
- March 21, 2016
21 Mar'16
Netskope awarded patent for cloud visibility, governance
Netskope earned a patent for its CASB services delivery method, which intelligently "steers" enterprise traffic to cloud apps and applies security controls to those apps.
- March 04, 2016
04 Mar'16
CISOs discuss the value of cloud access security brokers
Several CISOs discussed why cloud access security brokers are imperative to their respective enterprises during a panel discussion at RSA Conference 2016.
- March 02, 2016
02 Mar'16
CASBs gaining momentum at RSA Conference 2016
Cloud access security brokers are dominating the cloud security conversation at this year's RSA Conference. Here's what vendors are saying about CASBs.
- March 02, 2016
02 Mar'16
Redundant cloud security controls creating headaches
Trend Micro's Mark Nunnikhoven said enterprises are often forced to deploy distinct cloud security controls for each type of service they deploy, making security unmanageable.
- March 01, 2016
01 Mar'16
Cloud providers weigh in on iPhone backdoor debate
During a panel discussion at RSA Conference 2016, representatives from top cloud providers such as Google and Microsoft discussed the legal battle between Apple and the FBI over encrypted data.
- February 29, 2016
29 Feb'16
Cloud malware leads to high-speed impact
During the CSA Summit at At RSA’s 2016 Conference, Netskope warned how cloud synchronization services can spread malware infection throughout an enterprise.
- February 10, 2016
10 Feb'16
Insider edition: How to contain a cloud, and other cloud safety concerns
Now that enterprise data is stored in clouds of all shapes and sizes, IT needs to provide more security options than ever. This ezine supplement focuses on the issue of cloud safety and zones in on three of the latest cloud developments and their ...
- February 03, 2016
03 Feb'16
Privacy Shield to replace Safe Harbor framework
The EU and U.S. agree on Privacy Shield as the replacement for the Safe Harbor framework for transatlantic data flows, though questions remain over privacy protection details.
- February 01, 2016
01 Feb'16
Readers' top picks for cloud security products
What companies and cloud security products do organizations consider when they see to reduce their cloud vulnerabilities?
- January 28, 2016
28 Jan'16
Industry group says FedRAMP certification process is 'broken'
An advocacy group representing cloud providers such as Hewlett Packard Enterprise and IBM has criticized FedRAMP and called on the government to fix the cloud certification program.
- January 22, 2016
22 Jan'16
LostPass security researcher questions LastPass responses
The security researcher behind the LostPass phishing attack on LastPass has criticized the company's reaction and responses to his findings.
- January 19, 2016
19 Jan'16
'LostPass' phishing attack targets LastPass credentials
A new proof-of-concept attack presented at ShmooCon 2016 exploits security weaknesses in cloud-based password manager LastPass and could allow attackers to gain control of users' accounts.
- January 13, 2016
13 Jan'16
RSA president outlines cloud security strategy, IDaaS plans
RSA President Amit Yoran discusses how the security vendor is changing its focus and explains how cloud security will play an important role in RSA's new strategy.
- December 16, 2015
16 Dec'15
Spy Banker Trojan takes advantage of Google cloud servers
Security researchers at Zscaler discovered a new Spy Banker Trojan campaign that's leveraging Google's public cloud services as a hosting platform.
- December 10, 2015
10 Dec'15
Pulse Secure readying Cloud Secure offering
Following its split from Juniper Networks, Pulse Secure looks to take on cloud access and authentication problems with a new product.
- December 03, 2015
03 Dec'15
Chinese APT group abused Dropbox to spread LOWBALL malware
FireEye researchers discovered an advanced persistent threat group that used Dropbox to launch a spear phishing campaign against Hong Kong media companies.
- November 24, 2015
24 Nov'15
Blue Coat merges CASBs with Web gateway security
After acquiring two cloud access security brokers this year, Blue Coat Systems has united CASB capabilities with its Web gateway security technology under a new cloud security strategy.
- November 10, 2015
10 Nov'15
Blue Coat acquires Elastica in $280 million CASB deal
After acquiring Perspecsys this summer, Blue Coat Systems makes another CASB deal for Elastica to further strengthen its cloud security presence.
- November 06, 2015
06 Nov'15
Dropbox Enterprise launches with new security features
Dropbox stepped up its security offerings this week with the introduction of Dropbox Enterprise and several new cloud security controls for business customers.
- October 30, 2015
30 Oct'15
Xen hypervisor security flaw patched after seven years
A critical Xen hypervisor security flaw that allows attackers to access host operating systems and had gone undiscovered for several years was finally patched this week.
- October 28, 2015
28 Oct'15
Intel pulls the plug on McAfee SaaS security products
Intel Security unexpectedly moved several McAfee SaaS endpoint and email security products to end of life just prior to announcing a new corporate strategy this week.
- October 23, 2015
23 Oct'15
Government surveillance, cloud growth at an impasse
The negative effects of U.S. government surveillance have put cloud providers in a tough spot and left security vendors scrambling for better privacy protections.
- October 02, 2015
02 Oct'15
Rackspace launches compliance assistance and managed security services
Following its shift to a managed cloud services model, Rackspace has moved into the managed security and compliance services space.
- October 01, 2015
01 Oct'15
Experts: It's time to rethink cloud data privacy protection
Brian Krebs, Art Coviello and Kris Lovejoy tackle government conflicts and cybersecurity shortcomings at the Privacy. Security. Risk. 2015 event.
- September 30, 2015
30 Sep'15
Skyhigh Networks obtains cloud security patent for CASB platform
Skyhigh Networks' patented method for providing cloud access security broker services uses a reverse proxy mode to provide authentication and policy controls.
- September 25, 2015
25 Sep'15
Coviello tackles cloud privacy, government's key escrow plan
Former RSA chairman Art Coviello said the U.S. government and cybersecurity industry need to work together to solve growing issues around cloud security and privacy.
- September 18, 2015
18 Sep'15
Palo Alto Networks enters cloud security gateway market
Palo Alto Networks has launched its own CASB offering called Aperture, which aims to provide SaaS security controls for enterprises.
- September 10, 2015
10 Sep'15
CASB roundup: Microsoft confirms Adallom buy, Netskope raises $75M
In recent CASB market news, Microsoft confirms a major acquisition and Netskope raises its biggest round of venture capital funding yet.
- September 03, 2015
03 Sep'15
New iOS malware targets jailbroken devices, iCloud accounts
Security researchers discovered a new type of iOS malware that targets jailbroken devices and can allow attackers to take over the devices via iCloud.
- August 11, 2015
11 Aug'15
CASB market surging behind acquisitions, investments
Startups are dominating the suddenly-hot cloud access security broker market. Now larger vendors are eager to join the party, but will they buy a CASB or build their own cloud security gateway?
- July 24, 2015
24 Jul'15
Microsoft-Adallom deal poised to impact cloud security gateway market
Microsoft reportedly agreed to acquire cloud security startup Adallom for $320 million, which analysts say could spark major growth for the cloud security gateway market.
- July 17, 2015
17 Jul'15
Healthcare cloud usage leading to security concerns
Healthcare organizations are increasing their cloud service usage, but is the cloud making them safer or creating more security issues?
- July 09, 2015
09 Jul'15
Indian government leaked shadow data through Google Drive
Researchers at Elastica recently discovered an Indian government agency had its employees' email addresses and passwords exposed through Google Drive.
- June 30, 2015
30 Jun'15
Cisco to acquire cloud security firm OpenDNS
Cisco added another major piece to its growing security portfolio with an agreement to acquire cloud security provider OpenDNS.
- June 30, 2015
30 Jun'15
Security vendors, cloud providers rally around cloud identity standards
Open standards around identity and authentication are gaining popularity. So what -- and who -- is driving the movement?
- June 19, 2015
19 Jun'15
DLP policy violations highlight cloud storage security concerns
A new report from Netskope finds copious DLP violations in enterprises' cloud apps due to insufficient cloud storage security.
- June 16, 2015
16 Jun'15
LastPass suffers data breach, customer password hashes exposed
LastPass, a cloud-based password manager, disclosed that it had suffered a data breach and that customer email addresses, password hashes and other information were compromised.
- June 09, 2015
09 Jun'15
Ping eyes improved cloud identity security with new platform
At the Cloud Identity Summit this week, Ping introduced a new platform as well as support for the Apple Watch and Yubico's YubiKey.
- June 08, 2015
08 Jun'15
Enterprises creating 'shadow data' through cloud storage services
A new study from cloud access security broker Elastica shows a growing amount of shadow data is leaking out of enterprises via cloud services.
- June 02, 2015
02 Jun'15
Symantec breaks into the cloud DLP market, teams with Box
Symantec looks to strengthen cloud security presence by launching Data Loss Prevention 14 and teaming up with Box.
- May 28, 2015
28 May'15
Synology cloud sync vulnerability exposes OS X systems
A vulnerability in a cloud sync application was disclosed this week that could allow hackers to gain control of OS X systems.
- May 13, 2015
13 May'15
Bugs, lack of support lead to Tor Cloud Project shutdown
Tor Project shuts down its AWS bridge effort, Tor Cloud, but encouraged developers to set up their own Tor bridges to promote anonymous cloud usage.
- May 13, 2015
13 May'15
VENOM zero-day vulnerability strikes virtual machine security
CrowdStrike security researchers discovered a major bug that could impact a wide range of commonly-used virtualization platforms.
- May 08, 2015
08 May'15
Cloud access security brokers team up with HP, Cisco
Cloud access security brokers Adallom and Elastica recently struck major partnerships with Hewlett-Packard and Cisco, respectively, to improve SaaS security and cloud visibility.
- May 01, 2015
01 May'15
Microsoft looks at best -- and worst -- practices for Azure security
Azure CTO Mark Russinovich offered a behind-the-scenes look at Microsoft's cloud security practices and customer case studies at RSA Conference 2015.
- April 23, 2015
23 Apr'15
Microsoft looks to boost Azure security with bug bounties
At RSA Conference 2015 Microsoft expanded its bug bounties. The program will now include three new products, including Azure and Hyper-V.
- April 22, 2015
22 Apr'15
Cloud privacy, security improving, but obstacles remain
At RSA Conference 2015 security officials from Microsoft, Google and more discussed cloud security and privacy improvements and top threats today.
- April 21, 2015
21 Apr'15
Charney: Cloud computing transparency, control key to better security
At RSA Conference 2015, Microsoft's Scott Charney said cloud security products are the future, but to gain the trust of enterprise customers, they need to offer better cloud computing transparency and control.
- April 21, 2015
21 Apr'15
Amazon, Google highlight cloud provider security issues at RSAC 2015
Amazon, Google, Microsoft and others discussed a range of cloud security issues during a panel discussion at RSA Conference 2015.
- April 21, 2015
21 Apr'15
Qualys introduces new Web application firewall, cloud agent at RSA 2015
Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform.
- April 20, 2015
20 Apr'15
CSA, (ISC)2 introduce new cloud security certification
The Cloud Security Alliance and the International Information Systems Security Certification Consortium introduced a new, jointly developed cloud security certification.
- April 17, 2015
17 Apr'15
Cloud security investments spike prior to RSA Conference 2015
Top venture capital firms and IT companies have invested more than $200 million total on several cloud security startups in recent weeks, particularly the emerging field of cloud access security brokers.
- April 09, 2015
09 Apr'15
CipherCloud launches free cloud compliance resource center
CipherCloud's new Global Compliance Resource Center aims to clear up the confusion around global compliance and data privacy protection laws as they pertain to the cloud.
- April 02, 2015
02 Apr'15
Cloud visibility a top concern ahead of RSA Conference 2015
In the cloud security realm, experts say improved cloud visibility and big data analytics are expected to be major themes at this year's RSA Conference.