<ciso brief />

All news with #cloud security tag

522 articles · page 13 of 27

Chinese Linux Malware Framework Targets Cloud and Containers

🔎 Check Point Research has identified a modular Linux malware framework, VoidLink, linked to Chinese-speaking developers and designed to target cloud and container environments. The framework includes custom loaders, implants, rootkits and over 30 plugins supporting reconnaissance, lateral movement, persistence and anti-forensic techniques. It detects AWS, GCP, Azure, Alibaba and Tencent and can enumerate containers, hypervisors and orchestration platforms. No live infections have been confirmed, but documentation suggests commercial intent and active development.

VoidLink: Cloud-Native Linux Malware Framework Unveiled

🛡️ Check Point Research describes VoidLink, a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints. Its modular, plug-in-driven design enables attackers to extend capabilities over time while remaining quiet. Adaptive stealth allows the framework to alter behavior based on defensive visibility, prioritizing evasion in monitored environments and speed where visibility is limited.

VoidLink: Advanced Linux Cloud-Native Malware Framework

🛡️ Check Point Research disclosed a previously undocumented Linux malware framework named VoidLink, designed for long-term stealthy access to cloud and container environments. The cloud-native toolkit is highly modular, written in Zig, and comprises custom loaders, implants, rootkits, and an in-memory plugin system with more than 30 modules. It supports diverse C2 channels (HTTP/HTTPS, WebSocket, ICMP, DNS), peer-to-peer mesh networking, and automated cloud discovery across AWS, GCP, Azure, Alibaba, and Tencent. Check Point assesses the framework as actively maintained and attributes it to China-affiliated actors, warning of significant credential-theft and supply-chain risks for cloud-native ecosystems.

CISOs' Top Cybersecurity Priorities and AI Focus for 2026

🔐 In 2026 CISOs are balancing core security tasks with urgent AI-related challenges. Strengthening data protection, securing cloud and enterprise AI deployments, and improving identity and access management rank high. Leaders are preparing for AI-enabled attacks, rolling out AI to accelerate security operations, and addressing shadow AI and third-party risks to bolster resilience and supply-chain security.

Amazon EMR Serverless Adds Job-Run Level Cost Allocation

🔍 Amazon EMR Serverless now supports job run-level cost allocation, enabling organizations to attribute charges to individual job runs rather than only at the application level. You can filter and analyze costs by job run IDs and cost allocation tags in AWS Cost Explorer and Cost and Usage Reports to get finer-grained visibility. This makes it easier to track costs by domain, run per-job benchmarks, and target cost optimizations more precisely.

De-risking Network Migration with VPC Flow Logs & Analyzer

🔍 Hackensack Meridian Health used VPC Flow Logs and Flow Analyzer to obtain precise, end-to-end visibility of Cloud Interconnect traffic before a major Google Cloud network migration. They enabled VLAN-attachment flow logs, aggregated ingress/egress flows (IPs, ports, bytes, timestamps), and organized results into sankey diagrams mapping data center → region → VPC → application. This process revealed critical flows early and shortened incident detection to 3 minutes and resolution to 5 minutes, materially de-risking the cutover.

AWS Named Leader in 2025 ISG Sovereign Cloud EU Recognition

🏆 AWS was named a Leader in the 2025 ISG Provider Lens Quadrant report for Sovereign Cloud Infrastructure Services (EU). ISG evaluated 19 providers and rated AWS highest on portfolio attractiveness while also assessing its competitive strength as strong. The report highlights AWS’s sovereign-by-design architecture, data residency controls, granular access restrictions, encryption, and resilience. It emphasizes regional independence and resilience to meet European digital sovereignty and compliance needs.

Amazon DocumentDB (MongoDB) Now in Asia Pacific Jakarta

🗺️ Amazon DocumentDB (with MongoDB compatibility) is now available in the Asia Pacific (Jakarta) region, allowing teams to run document workloads closer to users. The fully managed JSON database provides automatic storage scaling up to 128TiB and supports millions of requests per second with fast scaling to 15 low‑latency read replicas and no application downtime. It integrates with AWS DMS, CloudWatch, CloudTrail, Lambda and AWS Backup, and clusters can be created via the AWS Management Console, CLI, or SDK to streamline migration and operations.

New BSI Portal Enables NIS2 Registration and Reporting

🛡️ The new BSI portal lets companies register as NIS2 entities and report significant IT security incidents to the Federal Office for Information Security. Launched after NIS2 took effect in Germany in early December, the platform provides risk-analysis tools, legal guidance for registrants and access to the Alliance for Cyber Security. Hosted on AWS, it aims to deliver real-time data, daily situation reports and anonymous vulnerability reporting, though the cloud choice has attracted criticism over digital sovereignty.

AWS Client VPN Quickstart Simplifies Endpoint Onboarding

🛡️ AWS has introduced a simplified onboarding Quickstart for AWS Client VPN that reduces endpoint setup to three required inputs: IPv4 CIDR, server certificate ARN, and subnet selection. The Quickstart provides pre-defined default configurations so teams can create endpoints quickly and immediately download the client configuration to connect. It is offered alongside the existing Standard Setup and is suggested automatically when a VPC is created. The workflow is available at no additional cost in Regions where Client VPN is generally available.

Amazon MWAA Adds Apache Airflow 2.11 and Python 3.12

☁️ Amazon Managed Workflows for Apache Airflow (MWAA) now supports creating Apache Airflow 2.11 environments and offers support for Python 3.12. Airflow 2.11 introduces trigger-based scheduling for delta intervals and consistent metric reporting in milliseconds to help prepare for an upgrade to Airflow 3. You can launch new 2.11 environments from the AWS Management Console in all currently supported MWAA regions.

Eliminating IT Blind Spots in AI-Driven Enterprises

🔍 As organizations embed AI and distribute workloads across cloud and edge environments, traditional security tooling increasingly misses hidden misconfigurations, inconsistent controls, and emergent AI-agent behaviors. Experts advise moving from reactive, tool-stacked approaches to a unified visibility strategy that normalizes telemetry, aligns people/processes/data, and continuously evaluates agentic behavior. Practical steps include using existing FinOps metrics, tagging, and cross-team audits to reveal anomalies, and applying AI-driven automation to integrate and extend current investments. A modern CMDB and enterprise knowledge graphs provide the contextual backbone needed for AI to correlate signals and surface risk without expanding the security stack.

Check Point Adds Google Cloud Network Security Integration

🔒 Check Point now supports Google Cloud Network Security Integration, offering a nondisruptive approach to deploying cloud firewalls that minimizes downtime and avoids performance degradation. The integration enables organizations—particularly in regulated sectors such as financial services, healthcare, and government—to scale hybrid network security while preserving latency and throughput. It simplifies deployment, centralizes policy management, and helps maintain compliance without rearchitecting existing networks.

Shaping the IT Agenda 2026: Priorities for Leaders & Outcomes

🔍 This special report helps IT leaders align near-term planning with 2026 priorities by emphasizing greater agility, flexibility, and measurable business outcomes. It stresses the need to automate, streamline, and modernize IT operations to counter skills shortages and meet rising demand. Four feature pieces examine strategy beyond AI, the cost of cloud fragility, how AI agents reshape supply chains, and AI's implications for cybersecurity.

Google Cloud: VM Extensions Manager for Compute Engine

🚀 VM Extensions Manager is now available in preview as part of the compute.googleapis.com API, enabling administrators to centrally define policies that install and manage Google-provided extensions across VM fleets. The preview supports zonal project policies and key agents — Cloud Ops Agent (ops-agent), Agent for SAP (sap-extension), and Agent for Compute Workload (workload-extension) — with options to pin versions or use automatic rollouts. Policies are enforced by a progressive rollout engine, and Google will expand global, Organization, and Folder-level policy support in the coming months.

AWS Resource Explorer now available in New Zealand

🔍 AWS Resource Explorer is now available in the Asia Pacific (New Zealand) Region. This rollout lets customers search for and discover AWS resources across Regions and accounts using the console, AWS CLI, SDKs, or the unified search bar in the Management Console. Administrators can enable the service in the AWS Resource Explorer console to centralize asset discovery and streamline operations across their organization. AWS also provides documentation and region availability guidance to assist setup and adoption.

AWS Transfer Family now in Asia Pacific (New Zealand)

📢 AWS Transfer Family is now available in AWS Asia Pacific (New Zealand), providing fully managed, production-ready file transfer endpoints for Amazon S3 and Amazon EFS. It supports SFTP, FTP, FTPS and AS2, and enables event-driven automation for common managed file transfer (MFT) workflows. Customers can modernize business-to-business transfers, reduce operational overhead, and address latency and data residency requirements.

CISO Resolutions for 2026: AI, Resilience, and Trust

🔒 As AI hype settles, CISOs are refocusing 2026 priorities on resilience, rapid detection, and measurable outcomes. They favor engineering-driven architecture for cloud stability, AI-enabled orchestration to cut dwell time, and broad identity and privilege governance for human and non-human accounts. Visibility and SaaS discovery will curb shadow AI use, while security baked into agentic AI and post-quantum preparedness (cryptographic inventories and vendor roadmaps) become essential. Turning security into a visible trust signal and linking spend to ROI rounds out the agenda.

EC2 Capacity Manager Adds Spot Interruption Metrics

📊 AWS has added Spot interruption metrics to EC2 Capacity Manager, giving cloud teams clearer visibility into Spot instance behavior across accounts, regions, and availability zones. The feature introduces three metrics—Spot Usage Total Count, Spot Total Interruptions, and Spot Interruption Rate—showing how many Spot instances or vCPUs ran, how many were interrupted, and the interruption percentage. This capability is enabled by default in all commercial AWS Regions at no additional cost.

Persistent Cloud Misconfigurations Still Put Data at Risk

🔒 A Qualys survey and analysis of roughly 44 million public-cloud VMs highlights widespread misconfiguration: 45% of AWS, 63% of GCP and 70% of Azure instances showed issues. Respondents reported breaches and identified misconfigured services as a leading cloud risk. Experts cite neglected logging, monitoring and MFA, rushed M&A integrations and understaffed small firms as common causes. The piece recommends concrete controls — from Infrastructure as Code and continuous scanning to private networking and least-privilege — to reduce exposure.