Cloud Security Podcast

Cloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that  a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.”  Read more about this here. Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here Vulnerability in AWS’s cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that  AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here Sysdig’s platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here  Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News  If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dylan Ayrey (@insecurenature) is a Professional Hacker and Co-Founder of Truffle Security (@trufflesec) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Dylan Ayrey (@insecurenature) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security News  - Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Stu Hirst (Linkedin-Stu Hirst) is the Chief Information Security Officer (CISO) of Trustpilot (@Trustpilot). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Stu Hirst (Linkedin-Stu Hirst) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security News  - Cloud Security Academy

Cloud Security News this week 12 Jan 2022 UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a handful of cloud providers. A lot of major British banks have partnerships with cloud providers “AWS has announced deals with Barclays and HSBC, while Lloyd Banking Group holds partnerships with Google Cloud and Microsoft Azure.”. There is an increasing concerns about the impacts on the banks should these cloud providers experience outages. You can view the financial times article here Speaking of regulators and how they are dealing with cloud providers, a few weeks ago in December Chinese regulators have “suspended an information-sharing partnership with Alibaba Cloud Computing” over concerns that it failed to promptly report and address a cybersecurity vulnerability. According to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology “Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator”.This comes after, according to Reuters “The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.” From what we understand, there is no statement from Alibaba Cloud on this yet. You can read more about this here. Gartner's Report can be found here. Redhat's Report can be found here. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News  If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Fred Wilmot (@fewdisc) is an ex-Veteran and Chief Information Security Officer (CISO) of JumpCloud (@JumpCloud). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Fred Wilmot (@fewdisc) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security News  - Cloud Security Academy

Cloud Security News this week 5 Jan 2022  Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this here Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”.  They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog here. Back in 2019 you probably heard about Autom Attack which targeted misconfigured docker APIs to gain network entry to  set up a backdoor on the compromised host to do cryptomining.  This cryptomining campaign has evolved in the last 3 years to improve on their defense evasion tactics to fly under the radar and avoid detection. You can see the blog and their findings here. SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. Security Researcher Aaron Phillips with VPN Overview worked with SEGA Europe to secure the exposed data. You can view the full report here Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. You can read more about the findings here and threatpost report here Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News  If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Or Weis (@OrWeis) co-founder and CEO of Permit.io (@permit_io). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Or Weis (@OrWeis) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security News  - Cloud Security Academy

Cloud Security News this week 22 December 2021 Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week’s episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far. To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues were reported. The latest patch is the third installment 2.17.0 to address a new vulnerability that allow for denial of service attacks. While apache and other organisations rush to remedy and patch these vulnerabilities, an explosion of attacks continue.  Belgium’s defence ministry revealed that it had been forced to shut down parts of its network after a hacker group exploited log4j to gain entry to its systems. Security firm Check Point has been monitoring the situation and, at one point, reported seeing more than 100 Log4J attacks per minute.The hackers are scattered globally. Checkpoint further reported that more than half of the exploits come from well-known hacking groups using it to deploy common malware like Tsunami and Mirai. Sentinel one has reported that “Observed exploit attempts in the wild thus far have led to commodity cryptominer payloads or other known and commodity post-exploitation methods. They expect further opportunistic abuse by a wide variety of attackers, including ransomware and nation-state actors.” The latest apache update is available here. The SentinelOne blog is available here and Checkpoint blog is available here, Whilst we are scrambling to stay on top log4Shell, a few exciting things have occurred in the world of Cloud Security as well, Ermetic announced a $70 million series B funding round. Their platform secures cloud infrastructure by focusing on identity security and reducing the attack surface across a multi-cloud deployment. The platform is expanding its support for Kubernetes container orchestration which they refer to  like the fourth cloud. Learn more about Ermetic here. And in other news Container and cloud security unicorn Sysdig   scored $350 million in a Series G funding. This raises their total funding to $744 million and pushes valuation to $2.5 billion. Sysdig offers security and performance monitoring services tailored toward cloud-native applications and are looking to utilise the latest funding to accelerate the expansion of these services into new markets, increase its headcount and customer base, and invest in research and development. Learn more about Sysdig here

Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about.  Log4j is a  Java library for logging error messages in applications. It was  developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell’ and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10. The zero-day had been exploited at least nine days before it surfaced on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4J, versions 2.0 to 2.14.1.at risk. This impacts cloud services, developer services, security devices, mapping services, and more. AWS has released details on how the flaw impacts its services and said it is working on patching its services that use Log4j and has released mitigations for services like CloudFront. This can be viewed here. Microsoft has also released Guidance for preventing, detecting, and hunting for Log4j  exploitation here and Google  cloud is also “is actively following the security vulnerability” and  has released recommendations for investigating and responding to the Apache “Log4j 2” vulnerability here IBM said it is "actively responding" to the Log4j vulnerability across IBM's own infrastructure and its products, can be found here and Oracle has issued a patch too here. There is a comprehensive list of  all known softwares vulnerable and not vulnerable to LogShell is available on GitHub along with any known fixes. Here This vulnerability is being exploited to install malware, crypto mining, perform DDOS attacks, drop Cobalt Strike beacons, scan for vulnerable servers and exfiltrate information. To finish on a note other log4J - Have you heard about Dazz? Well if you haven't, they are a one-year old cloud security remediation startup that recently closed another round of funding and raised 60 million dollars. Dazz is looking to automate cloud security through their AI driven product in a developer friendly way. You can find out more about them hereEpisode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News  If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

Cloud Security News this week 8 December 2021 If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for consoles in all AWS regions were affected by this issue, however customers could  login to consoles other than US-EAST-1 by using an IAM role for authentication. Services impacted include: EC2, Connect, DynamoDB, Glue, Athena, Timestream, and Chime. Most of the services have now recovered and all updates can be viewed here Recently McAfee and FireEye announced the availability of new cloud security capabilities on Amazon Web Services (AWS) as well as integration with the Amazon Inspector vulnerability management service. According to McAfee Enterprise and FireEye, their behavior analysis and machine-learning extended detection and response (XDR) capabilities combined with Amazon Inspector promises to deliver AWS customers greater visibility and protection of cloud-based applications and data. The research team at LightSpin discovered that the Jupiter Notebook instance of SageMaker could reach the Notebook Instance metadata endpoint. For context, having access to the metadata endpoint and requesting access tokens from an over-permissive IAM Role is a very well known SSRF vulnerability in AWS. In this case, the research team reported their finding to AWS and this has been resolved since. You can learn more about this here Zscaler, an  American cloud-based information security company known for their Zscaler private and internet access and now the creators of Zero Trust Exchange platform have now announced the general availability of its new Workload Communications solution, which is part of the Zscaler Zero Trust Exchange. This extends Zero Trust security to workloads and applications hosted in public cloud to eliminate attack surfaces, prevent lateral threat movement, inhibit compromise of workloads, and stop data loss. It also helps IT teams simplify multi-cloud workload connectivity by moving away from traditional IP-based routing and VPNs between cloud environments to expedite enterprises' cloud transformation initiatives. You can learn more about this here. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News  If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy: