Google Acquires Siemplify + Microsoft’s Log4J update

January 5, 2022
  • In Cloud Security News this week, Google has acquired security orchestration, automation and response (SOAR) provider Siemplify. Neither company has disclosed the amount; however, sources including Reuters report that Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this here.
  • For those of you who remember, Google announced in August 2021 that they will invest $10 billion over the next 5 years to strengthen cybersecurity “including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security.” You can read that announcement here.
  • If we rewind to the last few weeks of 2021, the world of cloud security and cyber security was full of all things Log4Shell. Microsoft, in their updated blog on this issue this week, noted that “Exploitation attempts and testing have remained high during the last weeks of December”. They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments” and that “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance”. Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. Read the blog linked in the podcast shownotes for a deep dive into their findings and recommendations so far. You can read their updated blog here.
  • Back in 2019 you probably heard about the Autom attack, which targeted misconfigured Docker APIs to gain network entry and set up a backdoor on the compromised host for cryptomining. Since 2019, Aquasec’s research team, who have been monitoring this attack, have seen 84 such attacks, with 4 of them in the last quarter of 2021. This cryptomining campaign has evolved over the last 3 years, improving its defense evasion tactics to fly under the radar and avoid detection. As Aquasec aptly puts it, “The Autom campaign illustrates that attackers are becoming more sophisticated, continually improving their techniques and their ability to avoid detection by security solutions.” They recommend performing dynamic image analysis, monitoring container activity, checking your environment for misconfigured APIs and limiting unsecured inbound or outbound communication. You can see the blog and their findings here.
  • A few weeks ago on Cloud Security News, we spoke about popular gaming company SEGA and their intentions to leverage Azure to build large-scale games. This week they are in the news again, but for a very different reason. SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. They are sharing their story to encourage and inspire other organisations to double-check their own systems and configurations. Security researcher Aaron Phillips of VPN Overview worked with SEGA Europe to secure the exposed data. The affected Amazon bucket contained multiple sets of AWS keys with which it was possible to access many of SEGA Europe’s cloud services. Security researchers also recovered MailChimp and Steam keys. The VPN Overview blog reports “zero indications that malicious actors actively exploited any vulnerabilities in the case of SEGA”; however, it warns that “companies have to keep their public and private cloud separate” and “storage within a private cloud should be sandboxed”. You can view the full report here.
  • If you have been working from home, chances are you have been using Microsoft Teams for your meetings and catch-ups. Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. Two of the four bugs affect Microsoft Teams on any device and allow for server-side request forgery (SSRF) and spoofing. The other two impact Android users only and allow for leaking a user’s IP address and for DDoS attacks on users and channels. In a statement to Threatpost, Microsoft said the reported bugs do not pose an immediate threat to users. You can read more about the findings here and the Threatpost report here.
  • If you have been enjoying Cloud Security News, be sure to follow and subscribe to Cloud Security News on your favourite podcast platforms. From Feb 2nd, 2022, we will feature Cloud Security News on its own channel only, so to stay updated, subscribe to Cloud Security News and tune in. You can also follow Cloud Security News on LinkedIn and Instagram, where we bring bite-size cloud security news to you in visual format. Some great discussions are happening on those pages.
