Cloud Security News
40 episodes - English - Latest episode: about 1 year ago - ★★★★★ - 2 ratingsYour weekly digest of what you need to know in the world of Cloud Security. We do the hard work for you, so you are always across the important bits.
Brought to you by the team behind the much loved Cloud Security Podcast
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Vulnerabilities discovered in AWS, GCP and Azure
January 26, 2023 13:27 - 7 minutes - 7.31 MBCloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The v...
Amazon S3 encrypts by default and The CircleCI Breach
January 14, 2023 02:51 - 6 minutes - 5.96 MBCloud Security News this week 14 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News According to recent study published by IEEE which I found interesting (which is the Institute of Electrical and Electronics Engineers around since 1963 apparently), “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industr...
New Cloud Vulnerability Database + Another Misconfigured S3 Bucket
July 14, 2022 05:31 - 5 minutes - 5.31 MBCloud Security News this week 14 July 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Dell Embraces Multi-cloud + Hackers use stolen OAuth
May 11, 2022 12:38 - 6 minutes - 6.24 MBCloud Security News this week 11 May 2022 Brought to you this week by JupiterOne To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
AWS Security Hub releases 5 new controls + Latest with Spring4shell
April 13, 2022 14:15 - 5 minutes - 5.01 MBCloud Security News this week 12 April 2022 Brought to you this week by Teleport To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
What is Spring4shell? + Should we be concerned?
April 07, 2022 13:27 - 4 minutes - 4.17 MBCloud Security News this week 30 March 2022 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Latest with Okta/Lapsus$ + Return of Log4J
March 30, 2022 13:07 - 6 minutes - 5.78 MBCloud Security News this week 30 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
All you need to know about the Okta and Microsoft breach
March 23, 2022 12:23 - 5 minutes - 5.43 MBCloud Security News this week 23 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
The Cyber Defense Matrix + CSA launches Zero Trust Advancement Center
March 16, 2022 11:43 - 4 minutes - 3.94 MBCloud Security News this week 16 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Google's 5.4B Aquisition + CNCF Accepts Knative, a kubernetes Platform
March 09, 2022 11:22 - 8 minutes - 7.97 MBCloud Security News this week 9 March 2022 Brought you by - JupiterOne - Find out more about them at www.jupiterone.com/csp - Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
JupiterOne announces open source StarBase
March 02, 2022 12:42 - 5 minutes - 4.64 MBCloud Security News this week 2 March 2022 Brought you by Hunters - Find out more about them at www.hunters.ai To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Snyk Acquires Fugue + Amazon CodeGuru Reviewer now detects Apache Log4j
February 23, 2022 11:45 - 5 minutes - 5.43 MBCloud Security News this week 23 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
Azure Launches Azure Payment HSM
February 17, 2022 04:42 - 4 minutes - 4.56 MBCloud Security News this week 16 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google’s Cybersecurity Action Team has released Threat Horizon’s report this month. The report can be accessed here Staying in theme with Google Cloud (which also happens to be our theme for this month at Cloud Security Podcast). This week they have reported a low severity vulnerability in the Linux kernel...
Amazon GuardDuty now protects Amazon EKS
February 09, 2022 13:47 - 5 minutes - 5.46 MBCloud Security News this week 09 February 2022 - https://cloudsecuritypodcast.tv/cloud-security-news/ Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud has released the Virtual Machine Threat Detection tool as part of their Security Command Center for Premium customer. According to Google’s blog this “is a first-to-market detection capability from a major cloud provider that provides agentless memory scanning to help detect threats like cryptom...
Google reports Linux Kernel Vulnerabilities
February 02, 2022 13:28 - 5 minutes - 4.91 MBCloud Security News this week 02 February 2022 Brought you by JupiterOne - Find out more about them at https://jupiterone.com/csp Google Cloud have reported that 3 security vulnerabilities have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.Google have shared that these vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu). Pods using...
McFee and FireEye join forces for XDR
January 26, 2022 14:40 - 3 minutes - 3.58 MBCloud Security News this week 26 Jan 2022 Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The merger of these two companies has now form Trellix, which aims to be a leader in extended detection and response (XDR). In their blog post Trellix shared that “Customers can expect Trellix’s living security platform to deliver bold innovation across the XDR market.” - “with automation, machine le...
Remote Access Trojans target Public Cloud Infrastructure
January 19, 2022 12:34 - 7 minutes - 6.58 MBCloud Security News this week 19 Jan 2022 Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud ser...
UK Financial Regulators monitoring Cloud Providers Closely
January 12, 2022 11:19 - 4 minutes - 4.1 MBCloud Security News this week 12 Jan 2022 UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on ...
Google invests in Security + Microsoft's Log4Shell Update
January 05, 2022 12:16 - 5 minutes - 4.88 MBCloud Security News this week 5 Jan 2022 Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innova...
The Latest with Log4J
December 22, 2021 13:10 - 3 minutes - 3.65 MBCloud Security News this week 22 December 2021 Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week’s episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far. To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues...
The Log4j Vulnerability - Cloud Providers Respond
December 15, 2021 13:00 - 2 minutes - 2.65 MBCloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about. Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell’ and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10. The zero-day had b...
AWS Outage - What is impacted?
December 08, 2021 13:11 - 3 minutes - 3.56 MBCloud Security News this week 8 December 2021 If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for console...
AWS re:Invent 2021 - All the Cloud Security Updates so far
December 02, 2021 14:19 - 7 minutes - 6.73 MBCloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year, we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield, Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets...
24 November 2021 - GoDaddy looses 1.2 million user information
November 24, 2021 12:07 - 5 minutes - 4.99 MBCloud Security News this week 24 November 2021 CSA recently announced that they have now had 1500 Cloud services evaluated across to the STAR registry principles. According to CSA, by publishing to the registry organizations can show current and potential customers their security and compliance posture which may prevent the need for them to complete multiple security questionnaires. You can find more information about CSA and STAR registry here Security researcher Schütz was rewarded a $4,...
17 November 2021 - Feds go Cloud Smart + Alibaba Cloud targeted by Hackers
November 17, 2021 11:20 - 4 minutes - 4.45 MBCloud Security News this week 17 November 2021 According to a research by Trend Micro, Elastic Computing Service (ECS) instances for Alibab Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provides root access/ privileged control by default. There is a detailed article attached about this h...
10 November, 2021 - Secure AWS + Azure from one Place, Better Linux Security support on Azure
November 10, 2021 12:27 - 3 minutes - 3.68 MBCloud Security News this week 10 November 2021 Microsoft is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) - yes you heard that right! within a suite called Microsoft Defender for Cloud. This was previously know as Azure Security Center and Azure Defender At their annual conference Ignite 2021, their focus was enterprise cloud protection, specially multi cloud environments. Microsoft Defender for Cloud will now...
03 November, 2021 - AWS Earns over 16billion this quarter + SEGA on Microsoft Azure
November 03, 2021 11:19 - 3 minutes - 3.05 MBCloud Security News this week 27 October 2021 In case you missed the quarterly earnings updates from last episode, I do encourage you to check it out to see how Google Cloud and Azure faired last Quarter. AWS came out still leading the pack $16.11 billion in the quarter, up almost 39% from a year ago. You can view the report here Industry Tech giants including Google, Salesforce, Okta and Slack have announced the creation of a “vendor-neutral” security baseline for businesses called ‘Mini...
27 October, 2021 - AWS lands UK Spy Agency Contract
October 27, 2021 11:23 - 5 minutes - 5.15 MBCloud Security News this week 27 October 2021 UK’s spy agencies have given a contract to AWS to host classified material. Their intention is to boost use of data analytics and artificial intelligence for espionage. The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade. The Guardian has reported that “the contract with Amazon is likely to ignite concerns over sovereignty because the UK’s most secret data will be hosted by a single US tech company” - Quit...
22 October, 2021 - HashiConf 2021 - The best Cloud Security Bits
October 22, 2021 13:26 - 3 minutes - 2.83 MBCloud Security News this week 22 October 2021 Hope you have been enjoying your Cloud Security News this week and in our special third instalment for this week we bring you our best bits from Hashiconf Global 2021, conference held by Hashicorp. Hashicorp is a software company who provide open source tools and products - some of their popular products Vagrant, Terraform, Vault and boundary - You can view the conference and the talks here The opening keynote was delivered by their Co-Founders...
21 October, 2021 - Kubecon NA 2021 - what you might miss
October 21, 2021 12:41 - 3 minutes - 2.89 MBCloud Security News this week 21 October 2021 It's a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team’s favourite from Kubecon 2021 North America If you aren't quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today’s episode. TUF refers to The Update Framework, SPIFFE refers to Secure Pr...
20 October, 2021 - Google Cloud Next 21 - All the Security Updates
October 20, 2021 13:45 - 5 minutes - 5.16 MBCloud Security News this week 20 October 2021 Google Cloud is adding new features to their zero trust access solution, BeyondCorp Enterprise which will enable identity and context-aware access to non-web applications running in Google Cloud and non-Google Cloud environments. They also claim to be making it easier for admins to diagnose access failure, triage events, and unblock users with the new Policy Troubleshooter feature. If you are familiar with XDR - which allows for Extended Detec...
14 October, 2021 - Google Cloud Next 21, Kubecon + VMworld
October 13, 2021 13:34 - 4 minutes - 4.44 MBCloud Security News this week 14 October 2021 It's an eventful month for all things cloud as Google Cloud Next 21 and Kubecon are happening this week. Ashish from Cloud Security Podcast was co-hosting the Capture the Flag today with Magno Logan from Trend Micro, you can check it out here. In next week’s episode we will be bringing to you the best bits from Kubecon and Google Cloud Next 21. You can view these events virtually at the links below Google Cloud Next 21 Kubecon Google Clou...
06 October, 2021 - AWS Launches Cloud Control API
October 06, 2021 12:25 - 3 minutes - 3.34 MBCloud Security News this week 06 October 2021 AWS has announced the availability of AWS Cloud Control API - a set of common application programming interfaces (APIs) that are designed to make it easy for developers to manage their AWS and third-party services. AWS Cloud Control API can be used to create, read, update, delete, and list (CRUD-L) your cloud resources that belong to a wide range of services—both AWS and third-party. You won't have to generate code or scripts specific to each in...
29 Sep, 2021 - Foggyweb Malware, New Cloud Data Framework + OWASP Top 10
September 29, 2021 14:11 - 3 minutes - 3.61 MBCloud Security News this week - 29 September 2021 Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud. The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies. The framework can be found here Microsoft has published information this week on a new malware it ca...
22 Sep, 2021 - Vulnerabilities in GCP, AWS and Amazon
September 29, 2021 14:08 - 2 minutes - 1.98 MBCloud Security News this week - 22 September 2021 AWS, Google Cloud and Azure have all been busy last few weeks fixing and patching Vulnerabilities. In addition to Azure's OMIGOD flaws which we covered in last week’s episode, Google Cloud reported that some of their load balancers were routing to an Identity-Aware Proxy (IAP) enabled Backend Service which could have been vulnerable to an untrusted party. Google Cloud have confirmed that this issue has been resolved. Rhino Security Labs hav...
15 Sep, 2021 - Oracle superior to AWS? AWS Vulnerabilities Discovered and fwd:cloudsec conference held this week
September 15, 2021 13:34 - 3 minutes - 3.08 MBCloud Security News this week - 15 September 2021 Oracle Chief Technology Officer and co-founder Larry Ellison told their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report...
8 Sep, 2021 - IBM Launches Servers for Hybrid Cloud, Microsoft and Verizon bring 5G Edge Cloud Computing
September 08, 2021 12:27 - 2 minutes - 2.07 MBCloud Security News this week - 8 September 2021 Verizon, a multinational telecommunications giant and Microsoft have teamed up to bring on-prem, private 5G edge cloud computing to business. Their offer is a cloud platform that puts compute and storage services at the edge of the network at the customer premises. This has the potential to offer lower lag time and high bandwidth for demanding applications such as virtual and augmented reality and machine learning. In Australia, as part of ...
1 Sep, 2021 - Microsoft warns thousands of cloud customers of exposed databases
September 01, 2021 11:32 - 2 minutes - 2.05 MBCloud Security News this week - 1 Sep, 2021 Last Thursday, on the 26th of August 2021 - Microsoft warned thousands of its cloud computing customers, including some of the world's largest companies. that hackers could have the ability to read, change or even delete their main databases. This is due to a vulnerability in the Jupyter Notebook Feature in Microsoft Azure's flagship Cosmos database. Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to c...
25 Aug, 2021 - AWS Re:inforce CANCELLED, AWS Launches Partner Program. Microsoft Protests NSA Contract
August 25, 2021 13:37 - 1 minute - 1.68 MBCloud Security News this week - 25 Aug, 2021 AWS is launching a new partner competency for managed security service providers (MSSPs) which will make their cloud software solutions and services available in the AWS Marketplace. AWS are coining this an industry first + designed to help partners differentiate themselves in a crowded security market Default Permissions on Microsoft Power Apps, a cloud-hosted suite of services that allows organizations to create business intelligence applicati...
Cloud Security News Trailer
August 25, 2021 13:04 - 20 seconds - 325 KBWelcome to Cloud Security News, your weekly digest of what you need to know in the world of Cloud Security. We do the hard work for you, so you are always across the important bits. Brought to you by the team behind the much loved Cloud Security Podcast Links Cloud Security Podcast