Tag

Cloud Security

All articles tagged with #cloud security

technology1 month ago•6 min saved

Cloud breaches pivot to new flaws as credential abuse wanes

Google’s threat intelligence shows cloud intrusions are increasingly driven by exploiting freshly disclosed third-party software flaws, shrinking the window to weaponize exploits to days. Weak credentials have declined as an attack vector while remote code execution flaws like React2Shell (CVE-2025-55182) and XWiki (CVE-2025-24893) are frequently exploited. Attacks often begin via phishing or stolen identities, with Iran-, China-, and North Korea–linked campaigns maintaining long-term access to steal data, crypto, and credentials. OpenID Connect abuse, supply-chain incidents, and insider threats also feature prominently, underscoring the need for automated, rapid incident response as cloud threats accelerate into 2026.

via BleepingComputer|

#apt #cloud-security #data-exfiltration

technology1 month ago•25 min saved

Identity as the Perimeter: The Hidden Gate in Cyber Breaches

A sponsored Visual Capitalist infographic (in partnership with Unit 42 by Palo Alto Networks) outlines how cyberattackers breach systems by exploiting identity. Identity-based techniques drive about 65% of initial access, with social engineering and credential misuse leading the way, and 90% of recent investigations showing identity weaknesses as material. Once inside, over-privileged identities and token abuse enable rapid lateral movement, making identity the practical perimeter. Defenses recommended include phishing-resistant MFA (passkeys/FIDO2), rotating machine credentials, shorter sessions, just-in-time elevation for admins, and cross-cloud identity telemetry to detect unusual access chains.

via Visual Capitalist|

#cloud-security #cyberattacks #cybersecurity

security1 month ago•6 min saved

Researchers uncover 27 attack scenarios targeting cloud password managers

Swiss researchers disclosed 27 attack scenarios across Bitwarden, LastPass, Dashlane and 1Password that could let attackers view or modify vaults, challenging the science of end-to-end encryption and exploiting issues in onboarding, key escrow, and item-level encryption. A notable attack demonstrated is ‘malicious auto-enrolment’ against Bitwarden, which could allow a server-controlled attacker to hijack a vault during organization onboarding. Vendors are patching (Bitwarden, LastPass, Dashlane) while 1Password defends its SRP-based design. The paper recommends stronger authentication, key separation and ciphertext integrity. Users should check remediation status with providers and ask for audits.)

via Infosecurity Magazine|

#cloud-security #cryptography #end-to-end-encryption

security1 month ago•4 min saved

Researchers expose 25 recovery attacks against leading cloud password managers

A joint ETH Zurich/USI study identifies 25 distinct password-recovery/related attacks across major cloud password managers (Bitwarden, Dashlane, LastPass; with 1Password also noted for some flaws). Attacks span four categories: exploiting key escrow in account recovery, weaknesses in item-level encryption and metadata, vulnerabilities in sharing features, and downgrades due to legacy code. In total, 12 attacks hit Bitwarden, 7 LastPass, and 6 Dashlane; 1Password was linked to item-level and sharing flaws as known limitations. Vendors have issued patches or mitigations (e.g., Dashlane removing legacy crypto, Bitwarden remediation, LastPass hardening, 1Password using SRP), and there’s no evidence these issues have been exploited in the wild.

via The Hacker News|

#cloud-security #cryptography #password-managers

security2 months ago•13 min saved

VoidLink: A Cloud-Native Linux Malware Framework Targets Cloud and Containers

Check Point Research details VoidLink, a modular, cloud-first Linux malware framework designed for long-term access in cloud and container environments. Written in Zig, it features a two-stage loader, an in-memory plugin system with 37 default plugins, a web-based C2 dashboard, and adaptive stealth that tailors behavior after detecting cloud providers (AWS, GCP, Azure, Alibaba, Tencent). It supports multiple command-and-control channels (HTTP/HTTPS, DNS, ICMP) and even a potential mesh network, plus rootkit capabilities (LD_PRELOAD, eBPF, LKM) depending on kernel version, anti-analysis and self-deletion measures, and a broad plugin ecosystem for post-exploitation tasks. The framework appears to be under active development—likely commercial—raising the need for defenders to harden Linux, cloud, and container environments; as of publication, no real-world infections had been observed.

via Check Point Software|

#cloud-security #container-security #linux-malware

technology3 months ago•5 min saved

Palo Alto Networks and Google Cloud Secure $10 Billion AI and Cloud Deal

Palo Alto Networks and Google Cloud have expanded their partnership to enhance AI security across cloud and hybrid environments, integrating Palo Alto's Prisma AIRS with Google Cloud's AI services to protect AI workloads, improve security management, and streamline deployment, while also migrating Palo Alto's internal workloads to Google Cloud to optimize performance and reliability.

via Google Cloud Press Corner|

#ai-infrastructure #ai-security #cloud-security

technology5 months ago•1 min saved

Tips to Prevent Cloud Account Lockouts

The article warns about the risks of being locked out of cloud storage accounts like Google, Dropbox, iCloud, and OneDrive, highlighting the importance of security measures to prevent losing access to valuable data, as illustrated by a Reddit story of a user losing 30 years of photos and work.

via WIRED|

#account-lockout #cloud-security #dropbox

business6 months ago•1 min saved

Netskope IPO Surges 18% in Market Debut

Netskope's IPO in 2025 raised over $900 million with a valuation of $7.3 billion, and its stock surged 18.4% on its first trading day, reflecting strong investor interest in cybersecurity and cloud security solutions.

via Investor's Business Daily|

#business #cloud-security #cybersecurity

technology7 months ago•3 min saved

Whistleblower Alleges DOGE Exposed Social Security Data

A whistleblower has alleged that the Department of Government Efficiency improperly stored sensitive personal data of over 300 million Americans, including Social Security numbers, on a vulnerable cloud server, violating laws and creating significant security risks, with potential for widespread identity theft and other harms.

via NBC News|

#cloud-security #data-breach #government-data

privacy-and-security7 months ago•1 min saved

Whistleblower Warns of Major Social Security Data Security Threats

A whistleblower has revealed that the Department of Government Efficiency uploaded a massive, unsecured Social Security database to the cloud, risking sensitive personal information of over 300 million Americans, raising concerns about identity theft and data security, despite official assurances of safety.

via Axios|

#cloud-security #data-breach #privacy-and-security

technology7 months ago•0 min saved

Whistleblower Warns DOGE and Trump Actions Endanger Millions' Social Security Data

A top SSA official warns that Doge uploaded all Social Security Numbers to a risky cloud server, raising concerns about data security and privacy risks.

via Forbes|

#cloud-security #data-breach #doge

technology8 months ago•4 min saved

Researchers Reveal GPT-5 Jailbreak and Zero-Click AI Attacks Threatening Cloud and IoT Security

Cybersecurity researchers have discovered sophisticated jailbreak techniques and zero-click AI agent attacks targeting GPT-5 and cloud/IoT systems, exposing vulnerabilities in AI safety measures and highlighting the increasing risks of indirect prompt injections and external system integrations. These attacks can manipulate AI models to generate harmful content or exfiltrate sensitive data without user interaction, emphasizing the need for improved security protocols in AI development.

via The Hacker News|

#ai-security #cloud-security #gpt-5-jailbreak

technology10 months ago•3 min saved

Major Data Breach Exposes 184 Million User Logins and Passwords

A massive data breach exposed over 184 million records, including emails and passwords linked to major platforms and government services, highlighting the urgent need for consumers to update passwords, enable multi-factor authentication, and monitor their accounts to prevent fraud and identity theft.

via Yahoo|

#cloud-security #cybersecurity #data-breach

business1 year ago•1 min saved

Upwind Secures $100M Funding, Nears $900M Valuation

Israeli cybersecurity startup Upwind is set to raise $100 million in a Series B funding round, valuing the company at $850-900 million. Founded by Amiram Shachar and partners from Spot.io, Upwind focuses on real-time cloud infrastructure protection. The funding round includes investors like Craft Ventures, Greylock, and basketball star Steph Curry's Penny Jar. This round will bring Upwind's total funding to $180 million within two years, as the company plans to expand its workforce and enhance its cloud security platform.

via CTech|

#business #cloud-security #funding

businesstechnology1 year ago•2 min saved

Google's Record-Breaking Wiz Acquisition Signals Major Tech M&A Wave

Google parent Alphabet Inc. is reportedly nearing a $23-billion acquisition of cloud security startup Wiz Inc., a move seen as a strategic "poker move" that could trigger a significant wave of mergers and acquisitions in Big Tech by 2025. Analysts highlight the deal's potential to reshape the industry, enhance Google's cloud security capabilities, and set new valuation benchmarks for other cybersecurity firms.

via Benzinga|

#alphabet #businesstechnology #cloud-security