All news with #cloud security tag

AWS Transform for VMware Adds IP Range Flexibility

🔁 AWS Transform for VMware now supports VPC CIDR range modifications to prevent IP conflicts during migrations. The service automatically updates all associated resources — including subnets, security groups, routing tables, and target instances — when you change VPC CIDRs. You can preserve source IPs, apply adjusted addresses aligned to new VPC CIDRs, or choose DHCP-based assignment. Agentic AI automation speeds discovery, planning, and migration workflows. The feature is available in additional regions including US East (Ohio), Europe (Stockholm), and Europe (Ireland).

AWS Transform Adds Detached Storage Assessment and TCO

🔍 AWS has expanded AWS Transform assessment to analyze on‑premises detached storage infrastructures, including SAN, NAS, file servers, object stores and virtual environments. The new capability maps existing storage to AWS targets such as Amazon S3, Amazon EBS and Amazon FSx, and delivers a comparative Total Cost of Ownership (TCO) analysis. It also provides performance and cost optimization recommendations for compute and storage workloads, noting storage can represent up to 45% of migration opportunities. The assessment is available in US East (N. Virginia) and Europe (Frankfurt).

Google Cloud Expands Confidential Computing with Intel TDX

🔒 Google Cloud has expanded its Intel TDX-based Confidential Computing portfolio, now offering Confidential GKE Nodes, Confidential Space, and Confidential GPUs alongside broader regional availability. Creating an Intel TDX Confidential VM is exposed directly in the GCE Create an instance flow under the Security tab, with no code changes required. The C3 machine series supports Intel TDX across additional regions and zones, and NVIDIA H100 GPUs on the A3 series enable confidential AI by combining Intel CPU protection with NVIDIA Confidential Computing on the GPU.

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.

AWS Adds VPC Endpoint Organization-Based Policy Keys

🔐 AWS introduced three new global IAM condition keys—aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID—to simplify network-origin access controls across multiple accounts and OUs. These keys let administrators restrict resource access based on the account, organizational unit path, or organization that owns the VPC endpoint used for a request, reducing the need to enumerate VPC or VPC endpoint IDs. Example use cases include S3 bucket policies and centrally applied RCPs or SCPs to enforce corporate network perimeters and intra-organization segmentation; adoption depends on service support and testing prior to production rollout.

Microsoft Word to Auto-Save New Documents to Cloud

📝 Microsoft is testing a change that will enable autosave and save new documents to OneDrive by default in Word for Windows, delivered first to Microsoft 365 Insiders in the Beta Channel with Version 2509 (Build 19221.20000) or later. Microsoft says the feature will come to Excel and PowerPoint for Windows later this year. Users can choose a local folder instead or toggle the behavior off via the Save page in Word options. Microsoft lists several known issues being addressed during testing.

AWS Client VPN adds Windows Arm64 support in v5.3.0

🔐 AWS announced that AWS Client VPN version 5.3.0 adds official support for Windows Arm64, enabling the AWS-supplied desktop VPN client to run on the latest Arm64-based Windows devices. The client remains free of charge and is available in all regions where the service is generally available. Client VPN is a managed service that connects remote users securely to AWS and on-premises networks and continues to support macOS 13–15, Windows 10 (x64), Windows 11 (Arm64 and x64), and Ubuntu Linux 22.04 and 24.04 LTS. Administrators can download and deploy the updated client to bring Arm64 Windows endpoints into supported VPN configurations.

Cloudflare CASB API Scanning for ChatGPT, Claude, Gemini

🔒 Cloudflare One users can now connect OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini to Cloudflare's API CASB to scan GenAI tenants for misconfigurations, DLP matches, data exposure, and compliance risks without installing endpoint agents. The API CASB provides out-of-band posture and DLP analysis, while Cloudflare Gateway delivers inline prompt controls and Shadow AI identification. Integrations are available in the dashboard or through your account manager.

Hybrid Mesh Firewall: Unified Security for Hybrid Networks

🔒 Today’s distributed, cloud-first enterprises face complex security gaps across on-premises, cloud and edge environments. The article introduces the Hybrid Mesh Firewall (HMF) model and positions Palo Alto Networks as delivering a complete platform that unifies hardware, virtual, container and FWaaS firewalls under Strata Cloud Manager. It emphasizes Precision AI for continuous, real-time threat prevention and cites integrated security services to simplify operations and reduce blind spots.

CrowdStrike Named Leader in 2025 Exposure Management

🔒 CrowdStrike has been named a Leader in the 2025 IDC MarketScape for Exposure Management. Falcon Exposure Management delivers AI-native, real-time visibility and prioritization of exposures and attack paths across endpoint, cloud, identity and OT/IoT, helping teams focus on what adversaries can feasibly exploit. It unifies VM, ASM and CAASM capabilities and introduces Network Vulnerability Assessment for continuous discovery of unmanaged network devices without additional agents or hardware. Integrated exposure data is correlated across CrowdStrike Threat Graph, Intel Graph and Asset Graph to support faster, automated remediation.

AWS Launches Customizable Billing and Cost Dashboards

📊 AWS announces general availability of AWS Billing and Cost Management Dashboards, a customizable feature that consolidates spending data from AWS Cost Explorer, Savings Plans, and Reserved Instance coverage and utilization reports. Users can build cost, usage, Savings Plans, and Reserved Instance widgets with line, bar, stacked bar, or table visualizations, arrange layouts, and share dashboards across accounts. The capability is available at no additional cost in all AWS commercial Regions except AWS China Regions.

AWS Certificate Manager Adds PrivateLink Access for ACM

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.

Closing Common Cloud Security Gaps with FortiCNAPP Platform

🔒 FortiCNAPP unifies cloud security across posture, workload runtime, control plane, and application layers to address common gaps that expose cloud-native applications. The platform delivers continuous asset discovery and inventory mapping, built-in CSPM with compliance mappings, runtime workload protection, and CDR that correlates host telemetry with cloud audit logs via composite alerts. Integrated FortiWeb WAF/API protections and CI/CD scanning enable a shift-left workflow so developers and security teams can detect and remediate risks earlier without slowing delivery.

Palo Alto Networks Opens Local Cloud Region in South Africa

🌍 Palo Alto Networks has launched a new cloud location in South Africa to bring its AI-powered security platforms closer to local organizations. The region will host core services including Cortex XSIAM, Prisma SASE, Advanced WildFire, Advanced DNS Security, Strata Cloud Manager and Strata Logging Service. Local hosting is designed to reduce latency, meet data residency and sovereignty requirements, and deliver real-time detection, automated response and centralized logging. The investment aims to support South Africa’s digital transformation while addressing rising ransomware and phishing threats across the region.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.

AWS releases SRA Verify: Open-source SRA assessment

🔍 SRA Verify is an open-source assessment tool from AWS that automates validation of an organization’s alignment to the AWS Security Reference Architecture (AWS SRA). It runs automated checks across multiple services to verify configurations and highlight deviations from recommended patterns. The tool links checks to remediation guidance and IaC examples to help teams implement fixes more quickly. It currently covers CloudTrail, GuardDuty, IAM Access Analyzer, Config, Security Hub, S3, Inspector, and Macie, with plans to expand.

Securing Cloud Identity Infrastructure Through Collaboration

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

Alteryx Cloud Leak Exposes Data on 123M Households

🔒 UpGuard discovered an Amazon S3 bucket at the subdomain 'alteryxdownload' that was misconfigured to allow any user in the AWS 'Authenticated Users' group to download its contents. The repository included Alteryx software and a 36 GB ConsumerView dataset from Experian containing 123 million household records and 248 fields. A separate file held public 2010 US Census data. Alteryx secured the bucket after notification, underscoring vendor and cloud configuration risk.