Cloud Security Archives

SECURITYWEEK NETWORK:

Security Experts:

Hi, what are you looking for?

Cloud Security

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Eduard KovacsJanuary 31, 2023

Cloud Security

VMware Plugs Critical Code Execution Flaws

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Ryan NaraineJanuary 24, 2023

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Ionut ArghireJanuary 19, 2023

Application Security

Credential Leakage Fueling Rise in API Breaches

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Kevin TownsendJanuary 19, 2023

Cloud Security

Azure Services SSRF Vulnerabilities Exposed Internal Endpoints, Sensitive Data

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Ionut ArghireJanuary 17, 2023

Application Security

Tesla Returns as Pwn2Own Hacker Takeover Target

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Ryan NaraineJanuary 12, 2023

Cloud Security

Apple Scraps CSAM Detection Tool for iCloud Photos

Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it...

Ryan NaraineDecember 8, 2022

Cloud Security

CloudSEK Blames Hack on Another Cybersecurity Company

Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee’s Jira...

Ionut ArghireDecember 8, 2022

Audits

Apple Adding End-to-End Encryption to iCloud Backup

Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud...

Ryan NaraineDecember 7, 2022

Application Security

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into...

Ryan NaraineDecember 7, 2022

Application Security

Investors Pour $200 Million Into Compliance Automation Startup Drata

High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values...

Ryan NaraineDecember 7, 2022

Cloud Security

Online Event Today: Security Operations Summit

SecurityWeek VideoDecember 6, 2022

Cloud Security

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks

Researchers at firmware and hardware security company Eclypsium have identified several potentially serious vulnerabilities in baseboard management controller (BMC) firmware made by AMI (American...

Eduard KovacsDecember 6, 2022

Application Security

Balance Theory Scores Seed Funding for Secure Workspace Collaboration

Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding...

Ryan NaraineDecember 5, 2022

Cloud Security

IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks

IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.

Eduard KovacsDecember 2, 2022

Application Security

Investors Double Down on Pangea Cyber API Security Bet

Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round...

Ryan NaraineDecember 1, 2022

Application Security

One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a...

Ryan NaraineNovember 30, 2022

Application Security

Project Zero Flags ‘Patch Gap’ Problems on Android

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...

Ryan NaraineNovember 28, 2022

Page 3 of 129‹ Previous 1 234 5 6 7 Next ›Last »

SECURITYWEEK NETWORK:

Security Experts:

Cloud Security

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

Cloud Security

VMware Plugs Critical Code Execution Flaws

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

Application Security

Credential Leakage Fueling Rise in API Breaches

Cloud Security

Azure Services SSRF Vulnerabilities Exposed Internal Endpoints, Sensitive Data

Application Security

Tesla Returns as Pwn2Own Hacker Takeover Target

Cloud Security

Apple Scraps CSAM Detection Tool for iCloud Photos

Cloud Security

CloudSEK Blames Hack on Another Cybersecurity Company

Audits

Apple Adding End-to-End Encryption to iCloud Backup

Application Security

Big Tech Vendors Object to US Gov SBOM Mandate

Application Security

Investors Pour $200 Million Into Compliance Automation Startup Drata

Cloud Security

Online Event Today: Security Operations Summit

Cloud Security

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks

Application Security

Balance Theory Scores Seed Funding for Secure Workspace Collaboration

Cloud Security

IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks

Application Security

Investors Double Down on Pangea Cyber API Security Bet

Application Security

One Year Later: Log4Shell Remediation Slow, Painful Slog

Application Security

Project Zero Flags ‘Patch Gap’ Problems on Android

Featured

Cybercrime

UN Experts: North Korean Hackers Stole Record Virtual Assets

Vulnerabilities

Vulnerability Provided Access to Toyota Supplier Management Network

Ransomware

VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks

Funding/M&A

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022

Cyberwarfare

US Downs Chinese Balloon Off Carolina Coast

Nation-State

Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op

Cybersecurity Funding

Cyber Insights 2023: Venture Capital

Latest News

Cybercrime

Minister: Cybercrimes Now 20% of Spain’s Registered Offenses

Funding/M&A

Skybox Security Raises $50M, Hires New CEO

Cyberwarfare

Spies, Hackers, Informants: How China Snoops on the US

Cybercrime

Australian Man Sentenced for Scam Related to Optus Hack

Vulnerabilities

Chrome 110 Patches 15 Vulnerabilities

Application Security

Application Security Protection for the Masses

Privacy

Tor Network Under DDoS Pressure for 7 Months