<ciso brief />

All news with #cloud security tag

522 articles · page 12 of 27

Beyond Boundaries: Azure Storage Roadmap for 2026.

🚀 Azure Storage outlines strategic investments for 2026 focused on accelerating AI and agentic workloads. The post highlights expanded scale for model training and inference, including Blob scaled accounts, Azure Managed Lustre (AMLFS) with Preview support for 25 PiB and high throughput, and deeper integrations with frameworks like Foundry, Ray, and LangChain. It also emphasizes block storage advances such as Elastic SAN, the Kubernetes-native ACStor operator and open sourcing, plus performance and availability improvements for mission‑critical SAP and trading platforms. The roadmap stresses energy and supply-aware efficiency, curated AI dataset experiences, and partner co‑engineering to lower TCO and accelerate customer adoption.

AWS Adds Cognito and CloudWatch Logs to RCPs Across Regions

🔒 AWS has expanded Resource Control Policies (RCPs) to include support for Amazon Cognito and Amazon CloudWatch Logs. RCPs let organizations centrally set the maximum permissions available to resources, enabling consistent baseline controls and a stronger data perimeter. Administrators can now create policies to prevent identities outside their organization from accessing Cognito resources or log groups. This update is available in all AWS commercial Regions and AWS GovCloud (US) Regions.

Misconfigured Demo Environments Become Cloud Backdoors

🔒 New research from Pentera Labs shows that internal testing, demo, and training applications left in default or misconfigured states are being used as entry points into enterprise cloud environments. The team found popular vulnerable apps such as Hackazon, DVWA, and OWASP Juice Shop exposed on major cloud platforms and sometimes tied to overly permissive IAM roles. Attackers have leveraged these exposures to deploy crypto miners, webshells, and persistence mechanisms; Pentera recommends inventorying assets, enforcing least privilege, isolating labs from production, and expiring temporary test environments.

2026 Cloud Security Report: The Emerging Complexity Gap

☁️ The 2026 State of Cloud Security Report, based on a survey of 1,163 senior cybersecurity leaders, identifies a growing "complexity gap" between cloud growth and defensive capability. It cites three drivers: fragmented defenses, understaffed teams, and threats operating at machine speed, and quantifies readiness shortfalls across detection, response, and visibility. Respondents favor consolidation — 64% would design security around a single-vendor platform to improve integration, accelerate response, and reduce operational friction.

Testing Apps Exposed Online Used to Breach Fortune 500

⚠️ A recent Pentera investigation discovered nearly 2,000 intentionally vulnerable security-testing web applications (DVWA, OWASP Juice Shop, Hackazon, bWAPP) exposed on the public internet, often running from overly privileged cloud accounts on AWS, GCP and Azure. Attackers exploited these instances to deploy crypto miners, install webshells and create persistence mechanisms, then pivot to sensitive cloud resources. Affected vendors including Cloudflare, F5 and Palo Alto Networks were notified and remediated issues. Pentera recommends inventories, isolation of test systems, enforcement of least-privilege IAM, and elimination of default credentials.

VoidLink: AI-Generated Linux Malware Targets Cloud Servers

🧠 Check Point researchers say VoidLink, a modular Linux malware family targeting cloud servers, appears to have been largely generated and orchestrated by AI. The toolkit contains over 30 plugins for persistence, stealth and remote control. An exposed development plan and timestamps suggest a single operator used AI agents to plan sprints, generate design documents, probe guardrails and iteratively produce working code within weeks.

AWS Glue Now Available in Asia Pacific (New Zealand)

🚀 AWS Glue is now available in the Asia Pacific (New Zealand) Region, enabling customers to build and run ETL workloads closer to their data sources. The AWS Glue serverless data integration service offers both visual and code-based interfaces to discover, prepare, and combine data for analytics, machine learning, and application development. This regional launch reduces latency, eases data residency compliance, and accelerates time-to-insight for New Zealand workloads.

Amazon RDS for Oracle Adds Bare Metal Support for SE2

🔔 Amazon RDS for Oracle now supports bare metal instances with Bring Your Own License (BYOL) for Oracle Standard Edition 2. Supported bare metal families include M7i, R7i, X2iedn, X2idn, X2iezn, M6i, M6id, M6in, R6i, R6id, and R6in, offered at a 25% lower price than equivalent virtualized instances. Bare metal provides full visibility into CPU cores and sockets, which may reduce licensing and support costs—consult your legal or licensing partner to confirm eligibility. Bare metal is also available for Oracle Enterprise Edition under BYOL; check RDS pricing and region availability for specific configurations.

Hidden Risks of Orphan Accounts in Enterprise Identity

🔒 Orphan accounts — abandoned human, service, and AI‑agent identities — create persistent, unseen access across applications, platforms, assets, and cloud consoles. These dormant accounts often evade traditional IAM and IGA tools due to integration gaps, unclear ownership, and proliferation of non‑human identities. Continuous identity audit using application telemetry and a unified audit trail can detect, flag, and automatically remediate or decommission orphaned accounts. Orchid positions its Identity Audit as connective evidence to inform IAM decisions.

DevOps & SaaS Downtime: Hidden Costs for Cloud Firms

⚠️ Recent analysis highlights that major DevOps SaaS platforms (e.g., GitHub, Jira, Azure DevOps) experienced widespread incidents in 2024–2025, with critical outages and degraded-service hours increasing sharply year‑over‑year. The piece argues the Shared Responsibility model leaves customers ultimately accountable for their data, and that native provider backups often create single points of failure with limited restore flexibility. It recommends multi‑layered, immutable backups, cross‑restore capability, defined RTO/RPOs, and continuous recovery testing to reduce financial, operational, and compliance risk.

From Arts Degree to Cybersecurity: Rona Spiegel's Path

🔐 Rona Michele Spiegel transitioned from an arts and multimedia background into cybersecurity by blending early human-computer interface work with formal study and hands-on industry experience. She helped establish a user experience practice at Deloitte, worked in technology governance at Cisco, earned a Master of Information and Cybersecurity, and later focused on cloud controls at Wells Fargo before joining Autodesk to lead security and trust for mergers and acquisitions. Spiegel emphasizes careful risk assessment in M&A—especially when absorbing small, resource-constrained companies—while navigating AI-driven complexity, addressing hiring and entry-level gaps, and preventing burnout through inclusive leadership and mentoring.

Southeast Asia CISOs' Top 2026 Predictions: AI, Identity

🔒 In conversations with Southeast Asia CISOs, leaders forecast 2026 as a year when AI and cloud become prime attack surfaces, forcing a shift from perimeter defenses to identity- and resilience-centered strategies. They emphasize hardening cloud and AI infrastructure, treating identity as the active perimeter, instrumenting browsers and agents for forensic clarity, and operationalizing resilience both as capability and — in some financial institutions — as a product. Supply‑chain fragility, agentic AI autonomy, session hijacking, and IT‑OT convergence are highlighted as priority risks demanding continuous verification, scoped agent controls, and stronger vendor governance.

AWS Expands EC2 High Memory U7i Instances to More Regions

🚀 AWS has expanded availability of its EC2 High Memory U7i instances into additional regions. New placements include U7i-6tb.112xlarge in Asia Pacific (Thailand, Sydney, Singapore), Canada (Central) and AWS GovCloud (US‑East); U7i-8tb.112xlarge in South America (Sao Paulo); and U7in-16tb.224xlarge in AWS GovCloud (US‑East). These 7th‑generation instances use custom 4th‑gen Intel Xeon (Sapphire Rapids), provide 6–16 TiB of DDR5 memory, up to 896 vCPUs, 100–200 Gbps networking, EBS throughput and ENA Express, and are targeted at mission‑critical in‑memory databases such as SAP HANA, Oracle and SQL Server.

Amazon Redshift Serverless Adds Queue-Based Controls

🔧 Amazon Redshift Serverless introduces queue-based query resource management. You can create dedicated query queues with customized monitoring rules and metrics-based predicates to control workload behavior, including automated responses such as aborting long-running or resource-heavy queries. Queues are assignable to user roles and query groups and operate independently, replacing prior workgroup-wide QMR. The feature is available in all regions that support Redshift Serverless and can be managed via the AWS Console and Redshift APIs.

AWS Enables Granular Bedrock Operation Billing Labels

📊 AWS Data Exports now surfaces granular operation types for Amazon Bedrock in cost reports, replacing generic "Usage" labels with explicit operations such as InvokeModelInference and InvokeModelStreamingInference. These operation values appear in the line_item_operation column for Legacy CUR and CUR 2.0, the x_Operation column in FOCUS exports, and as Operation dimension values in the AWS Cost Explorer API. The change applies to all foundation models on Bedrock and is intended to help FinOps and cost optimization teams analyze and optimize model-driven spend.

Amazon Bedrock: Granular Operation Visibility in Cost Reports

📊 AWS Data Exports now surfaces granular Amazon Bedrock operation types in billing outputs, replacing generic "Usage" labels with explicit actions such as InvokeModelInference and InvokeModelStreamingInference. These operation values appear in Legacy CUR and CUR 2.0 via the line_item_operation column, in FOCUS exports via x_Operation, and as Operation dimension values in the Cost Explorer API. The visibility applies across all Bedrock foundation models and is intended to help FinOps and cost optimization teams perform more precise usage tracking and billing analysis.

Eva Chen on Cybersecurity, AI Risks and Business Resilience

🔒 In the CEO Outlook 2026 survey, Trend Micro CEO Eva Chen describes how rapid AI adoption and expanding cloud footprints are transforming the cyberthreat landscape and elevating business risk. She flags rising ransomware, supply-chain exposures and AI-enabled attacks, and urges firms to prioritize automation, XDR and cloud security. Chen also stresses the role of channel partners and talent development in building resilience against increasingly sophisticated threats.

VoidLink: Advanced Modular Malware for Linux Cloud

🛡️ Researchers at Check Point disclosed VoidLink, a sophisticated modular malware framework targeting Linux servers and containers in cloud environments. Written primarily in Zig with supporting components in Go, C, and JavaScript, the platform uses a two-stage loader and an extensible plugin ecosystem (37 built-in modules) delivered via a professional web-based C2 dashboard to harvest credentials and access source code systems. It detects major cloud providers and container runtimes, adapts evasion strategies based on detected EDR and kernel hardening, and employs rootkits and covert C2 channels to maintain stealthy, long-term access.

AWS VPC IPAM Enforces IP Allocation Policies for RDS, ALBs

🔒 Amazon VPC IPAM now supports centrally managed IP allocation policies for RDS instances and ALB resources, enabling administrators to enforce public IP assignment rules. The policies cover RDS, Application Load Balancers, NAT Gateways in regional mode, and Elastic IPs and cannot be overridden by application teams, improving compliance. Available in all AWS commercial and GovCloud (US) Regions, the capability is offered in both IPAM Free and Advanced tiers; the Advanced tier supports cross-account and cross-region policy application.

Amazon MSK Connect Expands to Three More AWS Regions

🚀 Amazon has made MSK Connect available in three additional AWS Regions: Asia Pacific (New Zealand), AWS GovCloud (US-East), and AWS GovCloud (US-West). MSK Connect provides fully managed Kafka Connect clusters to deploy, monitor, and scale connectors that move data between Apache Kafka/Amazon MSK and external systems. The service supports both Amazon MSK-managed and self-managed Kafka clusters, scales automatically, and uses a pay-for-what-you-use model. With this launch, MSK Connect is now available in 38 AWS Regions.