< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 20 of 31

Azure Networking: Security, Resilience, and AI-scale

☁️ Azure announces networking enhancements focused on security, resiliency, and AI-scale infrastructure. The update highlights zone-redundant NAT Gateway V2, expanded throughput options including ExpressRoute 400G and higher-performance VPN gateways, and advanced security features such as DNS Security Policy with Threat Intel and JWT validation in Application Gateway. Improvements to AKS container networking, Private Link Direct Connect, and Virtual WAN forced tunneling aim to simplify secure hybrid and AI deployments.
read more →

VPC Flow Logs for Cross-Cloud VPN and Interconnect

🔍 Google Cloud has extended VPC Flow Logs to cover Cloud VPN tunnels and VLAN attachments for Cloud Interconnect and Cross-Cloud Interconnect, giving operators fuller visibility into hybrid and cross-cloud traffic. New gateway annotations (reporter and gateway object) add directional context and gateway metadata while logs retain 5-tuple granularity for precise flow identification. Use these logs to find elephant flows, audit Shared VPC hybrid bandwidth, validate DSCP markings, and troubleshoot on-prem-to-cloud connectivity. Logs integrate with Flow Analyzer for in-context analysis, connectivity tests, and natural-language queries.
read more →

AWS Transform Adds Reimagine Capabilities for Mainframe

🔍 AWS announced new AWS Transform for mainframe reimagine capabilities that add data and activity analysis, business logic extraction, and intelligent code decomposition to support migration to cloud-native architectures. The service provides a comprehensive reverse-engineering workflow including automated code and data structure analysis and technical documentation generation. An AI-powered chat interface lets users choose predefined job plans—full modernization, analysis focus, or business-logic focus—or compose custom workflows. These capabilities are available today in multiple AWS Regions including N. Virginia, Mumbai, Seoul, Sydney, Tokyo, Canada (Central), Frankfurt, and London.
read more →

AWS Transform AI Agent for Full-Stack Windows Modernization

🔧 AWS Transform expands its .NET modernization agent into a full-stack Windows modernization agent that automates transformation of .NET applications and Microsoft SQL Server databases to Amazon Aurora PostgreSQL and deploys them to containers on Amazon ECS or Amazon EC2 Linux. The agent scans SQL Server instances in EC2 or RDS and .NET code in GitHub, GitLab, Bitbucket, or Azure Repos to produce editable modernization plans. It updates Entity Framework and ADO.NET data access code, migrates schemas and data, commits transformed code to a new branch, and supports supervised validation and deployment. Available in US East (N. Virginia).
read more →

AWS Transform gains data and activity analysis for mainframe

🔍 AWS Transform for mainframe adds data and activity analysis to extract detailed insights that drive the reimagining of legacy applications. The update provides automated code and data-structure analysis, activity analysis, technical documentation generation, business logic extraction, and intelligent code decomposition. An AI-powered chat interface lets users build flexible job plans—from full modernization workflows to analysis- or business-logic-focused jobs—so teams can prioritize and execute modernization more efficiently.
read more →

AWS Transform adds agentic AI for VMware migrations

🚀 AWS Transform adds agentic AI capabilities to automate enterprise-scale VMware migrations, collaborating with migration teams to plan and move hundreds of applications and thousands of servers. The agent discovers on-prem environments using built-in discovery, third-party inventories, and unstructured data, maps dependencies, and generates prioritized migration waves. It also produces network designs, IP management options, multi-account deployment configurations, and supports diverse sources and targets while providing iterative progress updates and approval-ready reports.
read more →

Falcon Next-Gen SIEM: Simplifying AWS Security Operations

🔒 CrowdStrike and AWS announced new integrations and consumption options to accelerate cloud security operations. Falcon Next‑Gen SIEM correlates AWS telemetry with endpoints, identities, and third‑party telemetry, offering out‑of‑the‑box dashboards, embedded AI, and over 200 CloudTrail correlation rules. A Quick Start, Amazon Athena federated search, and pay‑as‑you‑go pricing in the AWS Marketplace are intended to speed onboarding, lower storage costs, and simplify investigations.
read more →

Making the Most of Multicloud: Strategy and Security

☁ IT leaders must align business goals, governance, and security to realize multicloud benefits while managing complexity. This report outlines five core challenges — including visibility, compliance, and developer productivity — and provides guidance on securing multicloud deployments. It also examines ROI strategies and a practical checklist to maximize value and efficiency.
read more →

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.
read more →

Fluent Bit Bugs Could Enable Complete Cloud Takeover

⚠️ Fluent Bit, a widely deployed log-processing agent used across containers, Kubernetes DaemonSets, and major cloud platforms, contains multiple critical vulnerabilities that can enable authentication bypass, arbitrary file writes, and full agent takeover. Oligo Security, in cooperation with AWS, disclosed five severe flaws impacting in_forward authentication and the tag-handling logic, plus path traversal and buffer-overflow defects. The project has released patches in v4.1.1 and v4.0.12; operators should update and validate configurations immediately to prevent log tampering, telemetry rerouting, and potential remote code execution.
read more →

SCCM and WSUS in Hybrid Environments: Adopt Cloud Patching

☁️ Legacy Windows patching tools like SCCM and WSUS are struggling to meet the needs of distributed workforces because they depend on LAN or VPN check‑ins. The piece highlights WSUS deprecation and frequent synchronization, database, and re‑indexing failures that stall remediation. Cloud‑native, SaaS patch management (for example, Action1) allows endpoints to check in securely over the internet, use global delivery networks, and deliver faster, more consistent compliance without on‑prem infrastructure.
read more →

AWS Glue: Catalog Federation for Remote Iceberg Catalogs

🔗 AWS announces general availability of AWS Glue catalog federation for remote Apache Iceberg catalogs. The feature enables analytics engines to query Iceberg tables stored in Amazon S3 and cataloged remotely without moving or copying data, with real-time metadata synchronization to the AWS Glue Data Catalog. It leverages AWS Lake Formation for fine-grained access controls and supports the Iceberg REST specifications; federation is available in the Lake Formation console and via SDKs/APIs.
read more →

Ransomware Targets AWS S3 via Cloud Key Abuse Tactics

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.
read more →

CloudFront BYOIP for Anycast Static IPs via VPC IPAM

🌐 Amazon CloudFront now supports bringing your own IP addresses (BYOIP) for Anycast Static IPs through VPC IP Address Manager (IPAM). Network teams can register and manage public IPv4 address pools in IPAM and assign dedicated Anycast Static IP lists to CloudFront distributions, preserving existing allow-lists and avoiding changes to application address space. The capability simplifies IP address management across AWS's global edge network and improves partner reachability and security. It is available in all commercial AWS Regions except AWS GovCloud (US) and the China regions.
read more →

SageMaker HyperPod Adds NVIDIA MIG GPU Partitioning

🚀 Amazon SageMaker HyperPod now supports NVIDIA Multi-Instance GPU (MIG), enabling administrators to partition a single GPU into multiple isolated devices to run simultaneous small generative AI tasks. Administrators can use an easy console configuration or a custom setup for fine-grained hardware isolation, allocate compute quotas across teams, and monitor real-time performance per partition via a utilization dashboard. Available on HyperPod clusters using the EKS orchestrator in multiple AWS Regions, this capability reduces wait times by letting data scientists run lightweight inference and interactive notebooks in parallel without consuming full GPU capacity.
read more →

Amazon SageMaker HyperPod Adds Spot Instance Support

⚡ Amazon SageMaker HyperPod now supports Spot Instances, enabling customers to reduce GPU compute costs by up to 90% compared with on-demand instances. The integration is available on HyperPod EKS clusters and works with Karpenter for intelligent autoscaling, automatic Spot capacity discovery, and interruption handling. You can enable Spot when creating instance groups via the CreateCluster API or the AWS Console, and the feature supports all HyperPod instance types across available regions.
read more →

TalayLink Subsea Cable Connects Australia and Thailand

🌐 Today Google is announcing TalayLink, a new subsea cable that will extend the previously announced interlink cable from the Australia Connect initiative to establish a diverse path between Australia and Thailand via the Indian Ocean. The project includes planned connectivity hubs in Mandurah (Western Australia) and South Thailand, the latter in partnership with AIS, plus local landing support from IGC. These investments are designed to integrate Google Cloud’s upcoming Thailand region and data center into its global network, improving resilience, routing diversity, and onward connectivity across the Indian Ocean.
read more →

AWS Compute Optimizer Adds Automation Rules for EBS

🛠 AWS Compute Optimizer introduces automation rules to optimize Amazon Elastic Block Store (EBS) volumes at scale. The feature can automatically clean up unattached volumes and upgrade volumes to the latest-generation types on a recurring schedule, using filters such as AWS Region and Resource Tags. A new dashboard summarizes automation events, shows step history and estimated savings, and supports action reversal.
read more →

Ransomware Shifts Focus to AWS S3 Buckets and Keys

🔐 A Trend Micro analysis warns ransomware actors are increasingly targeting cloud storage by abusing AWS-native encryption and key management to render S3 data unrecoverable. Attackers probe buckets with disabled versioning or Object Lock, exploit wide write permissions, and weaponize SSE-KMS, SSE-C, BYOK and XKS to seize control of keys. Researchers recommend least-privilege IAM, enable versioning/Object Lock, isolate backups, and continuously monitor audit logs. An "assume breach" posture and short-lived credentials are urged to limit impact.
read more →

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.
read more →