This week’s news is brought to you by JupiterOne.
- Google’s Cybersecurity Action Team has released its Threat Horizons report this month, which includes some insights about Log4j. They report that, despite patching, attackers are continuing to scan public-facing sites for those that have not been properly patched, and that after compromising a network, attackers are using Sliver to maintain access. Threat actors also abuse Cloud Shell to initiate reverse SSH tunnels from compromised environments to avoid detection. The report outlines some Google Cloud-specific mitigations for those operating in Google Cloud, and how they can protect themselves using various tools and techniques. The report can be accessed here.
- Staying on theme with Google Cloud (which also happens to be our theme for this month at Cloud Security Podcast): they reported 3 security vulnerabilities in the Linux kernel a couple of weeks ago, which we shared with you. This week they have reported a low severity vulnerability in the Linux kernel’s function. The attack uses unprivileged user namespaces, and under certain circumstances this vulnerability can be exploited for container breakout. You can find out more about this vulnerability here.
- More and more financial institutions are moving their payment applications to the cloud. “This entails a migration from the legacy on-premises applications and hardware security modules (HSM) to a cloud-based infrastructure that is not generally under their direct control.” To combat some of the challenges in making this shift, Azure has announced Azure Payment HSM in preview in East US and North Europe. According to Microsoft, it provides “cryptographic key operations for real-time, critical payment transactions in the Azure cloud. Azure Payment HSM is designed specifically to help a service provider and an individual financial institution accelerate their payment system’s digital transformation strategy and adopt the public cloud. It meets stringent security, audit compliance, low latency, and high-performance requirements by the Payment Card Industry (PCI).” You can find out more about it here.
- Last week we shared Cloud Security Alliance’s DevSecOps Pillar report; this week we are reporting on their Technology and Cloud Security Maturity report. If you have been following Cloud Security Podcast and News, it will come as no surprise: one of their key findings was that organizations are utilizing multi-cloud despite challenges. The desire to be multi-cloud is driven by access to best-in-breed features from various CSPs, avoiding vendor lock-in and reducing cloud concentration risk. They also found that the use of Zero Trust, AI/machine learning and serverless is expanding in the next two years, and so is the use of software-defined perimeter (SDP), attack surface management (ASM), and cloud security posture management (CSPM). Interestingly, they found that organizations are not planning for things like blockchain, quantum-safe security and 5G. You can read the entire report here.
- Have you heard about the Internet Society, or ISOC? It’s one of the oldest global nonprofits, with a goal of keeping the Internet a force for good: open, globally connected, secure, and trustworthy. The researchers at Clario recently discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details belonging to ISOC members. A blob container named ISOC contained millions of JSON files that were structured to include login, password and email. Clario reported this to ISOC and the repository was subsequently secured. ISOC also confirmed that they have not seen any instances of malicious access to member data as a result of this issue. You can read more about this here.