< ciso brief />

All news with #cloud security tag

522 articles · page 19 of 27

Amazon CloudFront Anycast Adds IPv6 Static IP Support

🌐 Amazon Web Services announced that CloudFront now assigns both IPv4 and IPv6 addresses for Anycast Static IP configurations. Previously limited to IPv4, the change enables dual‑stack deployments so customers can meet IPv6 compliance and reach IPv6‑only end users. IPv6 addresses are available from all edge locations except the AWS China (Beijing) and AWS China (Ningxia) regions operated by partner carriers. Customers should review the CloudFront Developer Guide and pricing for details.

Automating FinOps Governance with Workload Manager

🔧 Workload Manager automates FinOps governance by codifying cost-control policies and enforcing them across Google Cloud environments. It supports both predefined checks (for example, bigquery-missing-labels) and custom rules written in Open Policy Agent (OPA) Rego, allowing organization-, folder-, or project-level scans. Scheduled evaluations can export results to BigQuery, trigger notifications (email, Slack, PagerDuty), and feed Looker Studio dashboards for reporting and trend analysis. New pricing reduces scan costs by up to 95% and includes a small free tier to accelerate adoption.

Identity Failures Now Top Source of Cloud Risk in 2025

🔒 ReliaQuest's Q3 2025 telemetry found identity-related weaknesses were responsible for 44% of true‑positive cloud alerts, including excessive permissions, misconfigured roles and credential abuse. The report warns credentials and cloud keys often appear on crime markets — sometimes for as little as $2 — while 99% of cloud identities are reportedly over‑privileged, enabling stealthy access. It also highlights how rapid DevOps deployments can replicate legacy vulnerabilities and urges adoption of short‑lived credentials, strict least‑privilege controls and CI/CD security automation.

AWS Config Adds 42 New Managed Rules for Governance

🔔 AWS Config has launched 42 new managed rules to help organizations govern security, cost, durability, and operational best practices across AWS environments. You can now search, discover, enable, and manage these rules directly from AWS Config, and apply them account-wide or across an organization, including via Conformance Packs. New checks cover services such as Amazon EKS Fargate, EC2 Network Insights, AWS Glue ML transforms, Amazon Cognito, Lightsail, Amplify, Lambda, RDS, Route53 Resolver, Kinesis Video, and more.

AWS Config Conformance Packs Expand to Five Regions

📣 AWS Config conformance packs and organization-level management are now available in additional Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei), and Mexico (Central). Conformance packs let you package managed or custom AWS Config rules into reusable bundles for security, operational, or cost-optimization governance and to monitor compliance scores. You can deploy packs via the AWS Config console, AWS CLI, or AWS CloudFormation. Note that pricing is charged per conformance pack evaluation per account and Region.

AWS and SANS Whitepaper: AI for Security Guidance Overview

🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper examines three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.

CloudWatch Synthetics Adds Multi-Browser Support in GovCloud

🔍 Amazon CloudWatch Synthetics now supports running the same canary scripts across Chrome and Firefox in AWS GovCloud (US‑East, US‑West). You can use Playwright‑based or Puppeteer‑based canaries to collect browser-specific performance metrics, success rates, and visual monitoring results while retaining aggregate health views. This helps teams detect and remediate browser compatibility issues faster.

Mercado Libre's Spanner-Based Platform for Scale and AI

🚀 Mercado Libre leverages Spanner as the core of a developer-facing platform, exposing consistent, globally-scalable transactions through its internal gateway, Fury. Fury abstracts distributed database complexity and serves both relational and key-value workloads. Integration with BigQuery via Data Boost and Change Streams enables near-real-time analytics and reverse ETL to operational systems.

Google Cloud Cost Anomaly Detection Now Generally Available

🔔 Google Cloud has made Cost Anomaly Detection generally available to provide an automatic safety net for unexpected cloud spend. Alerts are enabled by default for all projects and delivered to Billing Administrators, with preferences managed in the billing console and direct links to an Anomaly dashboard that shows suspected root causes. The GA release introduces AI-generated thresholds that learn from historical spending, a percentage-deviation filter to keep alerts relevant across project sizes, and cold-start handling so new accounts receive protection immediately. The feature is free and integrates with Cloud Budgets as part of Google Cloud’s FinOps capabilities.

AWS Config Adds 52 New Resource Types Across Key Services

🔔 AWS Config now supports 52 additional AWS resource types across services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. With recording for all resource types enabled, AWS Config will automatically begin tracking these additions and they are available to Config rules and aggregators. You can monitor the new types in all Regions where supported, expanding discovery, assessment, audit, and remediation coverage.

CloudWatch Agent Adds NVMe Local Volume Performance Metrics

📈 The Amazon CloudWatch agent can now collect detailed performance metrics for NVMe local volumes attached to EC2 instances, including queue depths, I/O sizes, and device utilization. These metrics mirror the detailed statistics available for EBS volumes, enabling a consistent monitoring experience across storage types. You can create CloudWatch dashboards, set alarms, and analyze trends for NVMe-based instance store volumes, and the capability is available for all local NVMe volumes on Nitro-based EC2 instances in AWS Commercial and AWS GovCloud (US) Regions.

Mountpoint S3 CSI Driver Adds Observability Metrics

📈 You can now monitor Mountpoint operations in observability tools such as Amazon CloudWatch, Prometheus, and Grafana. Mountpoint emits near real-time metrics (request count, request latency, and error types) over the OpenTelemetry Protocol (OTLP), so you can use the CloudWatch agent or an OpenTelemetry collector to publish metrics and build dashboards. Configure Mountpoint at mount time to stream per-EC2-instance metrics for proactive monitoring and faster troubleshooting.

Amazon RDS adds IPv6 for publicly accessible DBs in regions

🌐 Amazon RDS now extends IPv6 support to publicly accessible databases, enabling dual-stack (IPv4 and IPv6) connectivity for both RDS and Aurora publicly accessible instances. This builds on existing IPv6 support for privately accessible databases in a VPC and lets teams scale beyond IPv4 address limits and assign contiguous IP ranges to microservices. The feature is available in all AWS regions where private IPv6 RDS is offered, and can be enabled via the AWS CLI or Management Console.

Five Generative AI Security Threats and Defensive Steps

🔒 Microsoft summarizes the top generative AI security risks and mitigation strategies in a new e-book, highlighting threats such as prompt injection, data poisoning, jailbreaks, and adaptive evasion. The post underscores cloud vulnerabilities, large-scale data exposure, and unpredictable model behavior that create new attack surfaces. It recommends unified defenses—such as CNAPP approaches—and presents Microsoft Defender for Cloud as an example that combines posture management with runtime detection to protect AI workloads.

AWS Clean Rooms adds Spark SQL tuning and cache options

🔧 AWS Clean Rooms now supports advanced runtime configurations to improve Spark SQL query performance. Customers can set Spark properties—such as shuffle partition counts and autoBroadcastJoinThreshold—select compute sizes or custom worker counts, and opt to cache existing or newly created tables containing query results to accelerate complex, large-scale queries. These controls enable collaborators to tune performance, scale, and cost for workloads like advertising lift analysis without changing SQL logic.

Microsoft adds Copilot to more Microsoft 365 companion apps

🤖 Microsoft is extending Copilot functionality across its Microsoft 365 companion apps, with People and Files already supported and Calendar due in the coming weeks. These taskbar mini-apps—available only to enterprise and business Microsoft 365 customers—surface contextual info like contact details, org-wide search and OneDrive file results. Microsoft says Copilot now offers instant suggestions such as recaps, flagged comments, and updates from top collaborators, and supports seamless handoff to the full Microsoft 365 Copilot app for deeper inquiries. There is no indication that Copilot can be disabled within these companion apps.

Amazon OCSF Ready Specialization for AWS Partners Program

🔒 Amazon today introduced the Amazon OCSF Ready Specialization to recognize AWS Partners that have technically validated their software to integrate with OCSF-compatible Amazon services and demonstrated customer success in production. The designation helps customers find pre-validated partner solutions that send or receive logs and security events in the OCSF schema, reducing integration complexity. Partners earn AWS Specialization Program benefits and signature support, including private strategy sessions and AWS guest speaker assistance. The specialization replaces and expands the prior Amazon Security Lake Specialization to broaden standardized security data interoperability.

AWS Cloud Map Adds Cross-Account Support in GovCloud

🔁 AWS Cloud Map now supports cross-account service discovery in AWS GovCloud (US) Regions through integration with AWS Resource Access Manager (AWS RAM). By sharing namespaces, you can allow individual accounts, Organizational Units, or an entire AWS Organization to discover resources such as Amazon ECS tasks, EC2 instances, and DynamoDB tables across accounts. The capability is available now in GovCloud (US-East) and GovCloud (US-West) via Console, API, SDK, CLI, and CloudFormation.

Amazon EBS adds per-minute avg IOPS and throughput metrics

📈 Amazon EBS now emits two new per-volume CloudWatch metrics—VolumeAvgIOPS and VolumeAvgThroughput—providing one-minute average I/O and throughput visibility. These metrics are enabled by default at no extra charge for all EBS volumes attached to EC2 Nitro instances in Commercial Regions, including AWS GovCloud (US) and AWS China. Use them to monitor trends, troubleshoot performance bottlenecks, tune provisioned performance, and build dashboards or alarms to automate responses.

Google Public Sector Summit: A New Era for Government AI

🔔 At the Google Public Sector Summit in Washington D.C., leaders highlighted a shift toward agentic AI and large-scale cloud modernization. Google introduced Gemini for Government, an accredited platform providing an AI Agent Gallery, agent-to-agent protocols, enterprise connectors, and governance controls to deploy and monitor AI agents. Speakers showcased real-world deployments across defense, city, and education sectors, and Google announced expanded partner investments plus an enhanced partnership with NVIDIA to support on-premises and air-gapped environments.