< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 15 of 31

Profiling Cloud Threat Actors via MITRE-Mapped Alerts

🔎 Unit 42 demonstrates a practical method to map cloud alert events to MITRE ATT&CK tactics and techniques and use the resulting alert patterns as operational fingerprints for known threat actors. The study examined alerts from cloud providers, containers, cloud-hosted applications, and SaaS across 22 industries between June 2024 and June 2025. Comparing cybercrime actor Muddled Libra and nation-state group Silk Typhoon, researchers found distinct, identifiable alert fingerprints and recommend proactive monitoring and mitigation, including Cortex Cloud runtime detection.
read more →

Delivering a Secure, Open, Sovereign Digital Future

🛡️ Google Cloud outlines its expanded Sovereign Cloud portfolio—Google Cloud Data Boundary, Google Cloud Dedicated, and Google Cloud Air‑Gapped—to help governments and organizations retain control of unencrypted data, comply with local law, and sustain critical services. The announcement details regional infrastructure and workforce investments worldwide and legal, technical, and operational controls to limit or challenge external data access. It emphasizes open-source compatibility, client-side encryption options, and flexible deployment models that enable third‑party operators and avoid vendor lock‑in.
read more →

AI-assisted breach rapidly compromises AWS environment

⚠️ Researchers at Sysdig uncovered an attack that fully compromised an AWS environment in under eight minutes by exploiting a cloud misconfiguration and using LLMs to accelerate reconnaissance and exploitation. Attackers reused credentials found in public S3 buckets, modified a Lambda function to escalate privileges, moved laterally across numerous principals, and disabled model-call logging in Amazon Bedrock. Security experts warn that AI-enabled automation compresses attack timelines and reduces defenders' reaction windows.
read more →

Network Visibility Trumps Cloud Logs for Multi‑Cloud Defense

🔍 Cloud migrations have introduced dynamic infrastructure, container sprawl, and multi‑cloud complexity that often create blind spots and make cloud-native logs inconsistent. Network-layer telemetry and Network Detection and Response (NDR) offer a consistent, provider-agnostic signal that analysts already know how to read. Combining mirrored traffic, flow logs, TLS metadata, DNS, and container context helps detect exfiltration, C2, cryptomining, and suspicious admin activity. Operationalizing these signals—baseline tuning, egress monitoring, and continuous validation—improves cloud defense.
read more →

AWS adds Related Resources tab for security groups

🔍 AWS is rolling out the Related resources tab for security groups in the Amazon EC2 and VPC consoles, now generally available. The tab consolidates all resources that depend on a specific security group — such as EC2 instances, ENIs, RDS, and ElastiCache — into a single view, reducing the need to check services individually. This streamlines impact assessment before modifying or deleting security groups and is available in all AWS commercial regions at no additional cost.
read more →

Amazon DynamoDB Global Tables Add Multi-Account Replication

🔁 Amazon now enables replication of DynamoDB global tables across multiple AWS accounts and Regions, allowing automatic, multi-Region, multi-account table synchronization. This supports stronger fault tolerance and higher availability during account-level disruptions while enabling workload isolation and distinct security and governance controls. The feature is available in all AWS Regions and follows existing global tables pricing.
read more →

Three Disruptive Cyber Trends Impacting Financial Services

🔍 The financial sector saw cyber incidents more than double in 2025 (864 → 1,858), driven by three dominant trends: surging DDoS campaigns, a sharp rise in data breaches and leaks, and the commercialization of cybercrime-as-a-service. These threats exploited weaknesses in cloud security, identity governance, and third-party risk. Banks and fintechs must accelerate adoption of layered defenses, continuous monitoring, and stronger vendor controls to maintain resilience.
read more →

Cloud Outages Ripple Through Identity and Operations

🔐 Recent large-scale cloud outages affecting providers like AWS, Azure, and Cloudflare have shown how failures in shared infrastructure can incapacitate identity flows and halt business-critical systems. Even when an identity provider remains operational, failures in datastores, DNS, control planes, or load balancers can block authentication and authorization. Organizations should deliberately design resilience—using multi-cloud or controlled on-prem options and predictable degraded modes such as cached attributes or precomputed decisions—to avoid total access collapse.
read more →

AWS Network Firewall Flexible Cost Allocation in GovCloud

💰 AWS Network Firewall now supports flexible cost allocation via AWS Transit Gateway native attachments in AWS GovCloud (US) Regions, enabling centralized inspection charges to be distributed automatically across accounts. Administrators can create metering policies to allocate data processing costs to application teams based on actual usage instead of consolidating expenses in the firewall owner account. The feature is available in GovCloud (US-East) and GovCloud (US-West) and can be enabled through the AWS Management Console, CLI, or SDK. There are no additional fees beyond standard Network Firewall and Transit Gateway pricing.
read more →

Securing AI at Scale: Three Companies' Use of CrowdStrike

🔒 The CrowdStrike Falcon platform delivers unified protection for AI across endpoints, cloud workloads, identities, and data flows, extending proven security principles to machine‑speed operations. By combining a single lightweight sensor with integrated modules, Falcon provides visibility, identity governance, data protection, and continuous monitoring for models and AI agents. Customers use these capabilities to detect misconfigurations early, govern non‑human identities, and prevent sensitive data exfiltration while preserving developer velocity and operational scale.
read more →

Amazon RDS Adds IPv6 Support for VPC Endpoints Service APIs

🌐Amazon RDS now supports IPv6 for VPC endpoints of the RDS Service APIs, enabling dual‑stack (IPv4 and IPv6) connectivity directly within your VPC without traversing the internet. This change expands address capacity, lets you assign contiguous IPv6 ranges to microservices, and provides a safer, phased migration path from IPv4. The feature is available in all commercial AWS regions and AWS GovCloud (US).
read more →

Amazon SageMaker Unified Studio adds PrivateLink access

🔒 Amazon SageMaker Unified Studio can now be accessed through AWS PrivateLink, enabling customers to route traffic between their VPC and Unified Studio without traversing the public internet. Network administrators can onboard SageMaker service endpoints to a VPC and combine them with IAM policies to enforce that customer data remains on the AWS network. The capability is available in all Regions that support Unified Studio, giving customers a built-in option for stronger network isolation.
read more →

AWS Partner Revenue Measurement: Visibility into Usage

📈 AWS announced Partner Revenue Measurement, a capability that gives AWS Partners visibility into how their solutions drive AWS service consumption across partner-managed and customer-managed accounts. Partners tag resources with aws-apn-id and values like pc: to attribute service usage to a Marketplace listing. The feature is generally available in all commercial regions and AWS provides an onboarding guide with implementation and tagging best practices.
read more →

RDS for Oracle: Cross‑Region Replicas Support Extra Storage

🚀 Amazon RDS for Oracle now supports cross-Region replicas configured with additional storage volumes, enabling customers to attach up to three extra volumes of up to 64 TiB each alongside the primary storage. When you create a cross-Region replica, RDS automatically mirrors the same storage layout on the replica, and you can modify volumes on primary and replica via the AWS Management Console, AWS CLI, or AWS SDK without application downtime. This enhancement lets organizations scale database capacity up to 256 TiB and supports promotion or switchover of replicas to meet low RPO and RTO for business-critical workloads.
read more →

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.
read more →

Accelerate 2026: Future Directions in Secure Networking

🔒 Fortinet's Accelerate 2026 returns to Las Vegas March 9–13, bringing customers, partners, and industry leaders together at the Mandalay Bay Convention Center for keynotes, technical sessions, and an expansive Tech Expo. The event emphasizes an integrated platform approach to secure networking, unified SASE, cloud and OT protection, and AI-enhanced detection and automation. Customer-led sessions from organizations such as Lowe’s, TJX, and ExxonMobil will share practical implementations, while attendees can pursue certifications, hands-on workshops, and the Fortinet Ultimate Fabric Challenge to translate strategy into operational outcomes.
read more →

Amazon Keyspaces Adds Table Pre-warming for Throughput

🚀 Amazon Keyspaces (for Apache Cassandra) now supports pre-warming of tables so customers can proactively prepare new and existing tables for anticipated traffic peaks. The capability works for both provisioned and on-demand capacity modes, including multi-Region replicated tables, and is applied during create or update operations. Pre-warming runs non-disruptively and asynchronously, incurs a one-time charge based on the difference from baseline capacity, and is available in all AWS Commercial and AWS GovCloud (US) Regions where Keyspaces is offered.
read more →

Essential CISO Skills for 2026: Business, AI, Culture

🛡️ In 2026, CISOs must combine business acumen, AI literacy, and culture-building to enable growth and resilience rather than acting as technical gatekeepers. They need to translate complex AI and model risks into clear financial, operational, and reputational terms for boards while prioritizing cloud-native security and secure use of LLMs. Recommended credentials include (ISC)² CISSP, CCSP, and leadership programs, but practical experience, cross-functional influence, and low-cost learning tactics like peer communities and internal learning loops are often decisive.
read more →

Palo Alto Networks Introduces Quantum-Safe Security

🔐 Palo Alto Networks announced Quantum-Safe Security, a continuous solution to discover, assess and remediate enterprise cryptographic risk as organizations migrate to post-quantum standards. The offering ingests telemetry from PAN-OS NGFW, Prisma Access and third-party systems to build a real-time Cryptographic Bill of Materials (CBOM), prioritize harvest-now, decrypt-later exposure, and automate remediation—including cipher translation at the network edge. General availability is expected on January 30, 2026.
read more →

CNAPP Buying Guide — Vendors, Capabilities, and Costs

🔒 This CNAPP buying guide outlines the cloud-native application protection category, its core components and expanded coverage areas. It explains the four foundational elements—CIEM, CWPP, CASB and CSPM—and highlights extensions such as IaC, container, API and supply-chain security. The guide compares major vendors, their focal points, notable integrations and pricing models, and concludes with five practical questions organizations should ask before buying.
read more →