< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 14 of 31

Amazon EC2 R8i and R8i-flex Now in Europe (Ireland)

🚀 Amazon Web Services has launched EC2 R8i and R8i-flex instances in Europe (Ireland), powered by custom Intel Xeon 6 processors exclusive to AWS. These memory-optimized instances deliver up to 15% better price-performance and 2.5x more memory bandwidth versus previous Intel-based generations, with workload-specific gains for PostgreSQL, NGINX, and AI recommendation models. R8i includes 13 sizes including bare-metal and a new 96xlarge, while R8i-flex provides common memory-optimized sizes from large to 16xlarge to help right-size deployments.
read more →

Amazon Aurora MySQL 3.12 (MySQL 8.0.44) Released Now

🔒 Amazon has released Aurora MySQL-Compatible Edition 3.12 with MySQL 8.0.44, delivering security enhancements, numerous bug fixes, and availability improvements for Aurora clusters. Administrators can initiate a manual minor version upgrade or enable Auto minor version upgrade during DB cluster creation or modification to receive the update. The release is rolled out in all AWS regions that support Aurora MySQL. Aurora continues to offer built-in security, continuous backups, serverless options, and multi-Region replication.
read more →

EventBridge Scheduler Emits Resource Count Metrics

📈 Amazon now emits resource count metrics from EventBridge Scheduler to CloudWatch, enabling teams to track the approximate number of schedules and schedule groups in an account. The metrics surface usage trends and indicate when you are approaching service quota limits so you can request increases before capacity is exhausted. These metrics are available at no extra cost in all AWS Regions, including AWS GovCloud.
read more →

Amazon MSK Now Supports Dual-Stack IPv4 and IPv6 Access

🌐 Amazon MSK now supports dual-stack IPv4 and IPv6 connectivity for existing MSK Provisioned and MSK Serverless clusters. Customers can enable dual-stack via the Amazon MSK Console, AWS CLI, SDKs, or CloudFormation by changing the cluster Network Type; MSK provisions IPv6-enabled interfaces while preserving IPv4 to avoid service disruption. For Provisioned clusters, use the GetBootstrapBrokers API to retrieve new IPv6 bootstrap broker strings. Dual-stack is available in all Regions where MSK is offered and incurs no additional cost.
read more →

Check Point Leads GigaOm Cloud Network Security Radar

🔐 Check Point has been named a Leader in the GigaOm Radar for Cloud Network Security for the third consecutive year. CloudGuard Network Security delivers an open-garden, cloud-agnostic architecture with integrations across 22 public and private cloud vendors, enabling consistent policy enforcement and centralized controls. The solution is positioned for budget-minded IT teams seeking to reduce multi-cloud complexity, maintain geographic compliance, and mitigate AI-powered cyber threats by foreign actors through consolidated visibility and automation.
read more →

AWS HealthImaging Adds Granular CloudWatch Storage Metrics

📈 AWS HealthImaging now provides additional Amazon CloudWatch metrics to monitor storage at both the account and individual data store levels. Customers can track storage volume, the number of image sets, and counts of DICOM studies, series, and instances to understand growth trends. These granular metrics support management of single-tenant and multi-tenant workloads at petabyte scale and are available in select AWS Regions.
read more →

Weekly Recap: Add-in Hijack, Zero-Days, and Cloud Abuse

🔒 This weekly recap shows how small, trusted gaps are becoming major entry points — from a hijacked Outlook add-in (AgreeTo) turned into a phishing kit that stole over 4,000 Microsoft credentials to multiple actively exploited zero-days in Chrome and Apple platforms. It also covers a critical BeyondTrust RCE under active exploitation, new Linux botnet activity abusing SSH, and cloud-focused campaigns targeting exposed Docker, Kubernetes, and Redis instances. Attackers are combining legacy techniques, cloud misconfigurations, and AI assistance to scale access and persistence.
read more →

BSI and Schwarz Digits Partner on Sovereign Cloud Solutions

🔒 A strategic partnership between the Federal Office for Information Security (BSI) and Schwarz Digits, the IT arm of the Schwarz Group, was announced at the Munich Security Conference to develop sovereign cloud solutions for German public administration. The organizations said they will jointly build control layers and secure systems to protect critical data and enhance cybersecurity situational awareness. The collaboration aims to strengthen technological independence and improve resilience against hybrid threats. Both parties framed the effort as part of a broader push for digital sovereignty in Germany and Europe.
read more →

Amazon Bedrock adds PrivateLink for OpenAI-compatible

🔒 Amazon Bedrock now supports AWS PrivateLink for the bedrock-mantle endpoint, enabling private network access to OpenAI API-compatible service endpoints. The bedrock-mantle endpoint is powered by Project Mantle, a distributed inference engine that simplifies model onboarding and delivers serverless, high-performance inference with QoS controls and higher default quotas. This expansion gives enterprises a private connectivity option across multiple AWS Regions for building and scaling generative AI applications.
read more →

AWS Expands Resource Control Policies to DynamoDB Service

🔐 AWS has added Amazon DynamoDB to the set of services supported by Resource Control Policies (RCPs), enabling organizations to centrally constrain the maximum permissions available to resources. Administrators can now use RCPs to block identities outside their AWS Organization from accessing DynamoDB, helping enforce a data perimeter and baseline security standards. RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions.
read more →

Securing Your AI Transformation: Check Point's Approach

🔒 Check Point outlines a strategy to help security teams regain control as AI accelerates attacks and transforms workflows. Rather than piling on tools, organizations must revalidate foundational controls across network, endpoint, email, SASE and cloud, and adopt prevention-first architectures. Check Point offers integrated visibility, unified policy management, threat intelligence and AI-aware controls to harden environments and streamline operations.
read more →

Ephemeral Infrastructure Paradox: Strengthen Identity

🔒 Modern cloud environments create vast numbers of short-lived machine identities that outnumber humans and often remain unmanaged. The author argues that traditional, ticket-driven identity governance is inadequate for ephemeral workloads and supply-chain tooling, exposing organizations to “zombie” service accounts and credential theft. The recommended response is a shift to cryptographic workload identity (e.g., SPIFFE and workload attestation), elimination of long-lived static credentials via short-lived tokens and OIDC Federation, and automated entitlement pruning using CIEM to restore least-privilege without slowing engineering velocity.
read more →

AWS Lake Formation expands cross-account sharing at scale

⚙️ AWS Lake Formation now supports enhanced cross-account sharing, enabling centralized permission management for catalogs, databases, tables, and columns across multi-account analytics environments. The update removes prior per-resource association limits by using a single AWS Resource Access Manager resource share with wildcard patterns; administrators should upgrade to cross-account version 5 to adopt the new behavior. Existing shares and Lake Formation APIs remain compatible.
read more →

Exposed Training Apps Open Cloud Accounts to Abuse

🔓 Pentera Labs identified nearly 2,000 intentionally vulnerable training and demo applications exposed on public cloud infrastructure, many linked to active cloud identities and overly permissive roles. Tools such as OWASP Juice Shop and DVWA were frequently deployed with default settings and minimal isolation, allowing attackers to install crypto-miners, webshells, and persistence tooling. The findings warn that labeling environments as training does not remove their real-world risk when they are publicly accessible and integrated with privileged cloud accounts.
read more →

EU Clears Google's $32B Wiz Deal, Intensifying Cloud Security Competition

🔒 The European Commission has given unconditional approval for Google's $32 billion acquisition of cloud security vendor Wiz, removing a major regulatory hurdle. The clearance lets Google Cloud fold Wiz's multi‑cloud security capabilities into its stack while regulators found no meaningful competition harm. Analysts warn the tie-up could accelerate hyperscaler-led security consolidation, raise long-term lock-in risks, and shift incentives away from cloud neutrality.
read more →

Amazon Bedrock AgentCore Browser Adds Proxy Support

🔒 Amazon Bedrock AgentCore Browser now accepts customer-provided proxy configurations, allowing organizations to route browser sessions through corporate or regional proxy infrastructure for geo-targeting, compliance, and stable egress addresses. The feature supports both HTTP and HTTPS protocols and integrates with AWS Secrets Manager for secure credential management. It is available in all 14 regions where AgentCore Browser is offered.
read more →

GDC air-gapped 1.15: New networking and IPAM features

🔒 Google Distributed Cloud (GDC) air-gapped 1.15 introduces networking updates that give regulated environments more control, visibility, and scalability while preserving isolation. Preview features include Cloud NAT for configurable egress IPs and timeouts, enhanced connectivity enabling standard clusters to reach organizational workloads securely, and HTTP/HTTPS load balancer health checks for application-level monitoring. IPAM's subnet group capability (GA) simplifies subnet scaling by letting child subnets reference multiple parent subnets.
read more →

Amazon EKS Auto Mode Adds CloudWatch Vended Logs Support

📥 Amazon Elastic Kubernetes Service (EKS) Auto Mode can now deliver logs via Amazon CloudWatch Vended Logs. Customers can configure each managed capability—compute autoscaling, block storage, load balancing, and pod networking—as a vended log source using the CloudWatch APIs or the AWS Console. Logs can be routed to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. This option uses built‑in AWS authentication and authorization and can reduce delivery cost versus standard CloudWatch Logs.
read more →

Amazon Redshift Lets Autonomics Use Extra Compute Resources

⚙️ Amazon Redshift now lets administrators allocate extra compute specifically for its automatic optimization features, or autonomics, so tasks such as Automatic Table Optimization (ATO), Automatic Table Sorting (ATS), Auto Vacuum, and Auto Analyze can run reliably during peak user activity. This avoids the need to pause or schedule manual maintenance windows. A cost-control setting limits resources for autonomics on provisioned clusters, and the new SYS_AUTOMATIC_OPTIMIZATION system table improves observability for both provisioned clusters and serverless workgroups.
read more →

Cloud Cost Optimization Strategies for Healthcare Leaders

💡 As healthcare organizations layer AI-driven analytics, clinical decision support and automation onto complex IT environments, cloud costs are becoming harder to predict and control. Experts advise combining disciplined FinOps practices with clear cloud cost governance that aligns technical choices with clinical, operational and financial priorities. Key steps include centralized visibility, automation to detect waste, and risk-based workload placement across cloud, on-premises and edge.
read more →