Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

Tip 21 May 2025
How to choose a cloud key management service

Amazon, Microsoft, Google, Oracle and cloud-agnostic vendors offer cloud key management services. Read up on what each offers and how to choose the right KMS for your company. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 30 Apr 2025
RSAC Conference 2025 video reports

We chatted on camera with attendees and presenters at RSAC 2025. Check out this video collection to get highlights from one of the world's major cybersecurity conferences. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor

Opinion 14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023

At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
By
- Rob Wright, Senior News Director
News 01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility

The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 May 2023
Prepare for the Azure Security Engineer Associate certification

Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 to become Microsoft certified. Continue Reading
By
- Liam Cleary, SharePlicity
News 15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks

As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
By
- Arielle Waldman, News Writer
Feature 12 May 2023
Security experts share cloud auditing best practices

A cloud audit allows organizations to assess cloud vendor performance. Auditing experts Shinesa Cambric and Michael Ratemo talk about the role of compliance in auditing. Continue Reading
By
- Johanna McDonald, Former Site Editor
Tip 10 May 2023
How to reduce risk with cloud attack surface management

Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
By
- Dave Shackleford, Voodoo Security
Opinion 09 May 2023
Addressing the confusion around shift-left cloud security

To clarify how shift-left security should work in terms of cloud-based application development, Enterprise Strategy Group analyst Melinda Marks dives deep into the process. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 09 May 2023
Certified Cloud Security Professional (CCSP)

Certified Cloud Security Professional (CCSP) is an International Information System Security Certification Consortium, or (ISC)2, certification that covers cloud-based cybersecurity best practices. Continue Reading
By
- Casey Clark, TechTarget
Feature 05 May 2023
How to implement principle of least privilege in Azure AD

Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 05 May 2023
How to start handling Azure network security

Before adopting Microsoft Azure, it's important to consider how to secure the cloud network. That's where network security groups and Azure Firewall come in. Continue Reading
By
- Kyle Johnson, Technology Editor
News 02 May 2023
CrowdStrike focuses on ChromeOS security, rising cloud threats

Raj Rajamani, CrowdStrike's chief product officer of data, identity, cloud and endpoint security, said ChromeOS devices are gaining increasing adoption in the enterprise space. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 25 Apr 2023
Cloud-native security metrics for CISOs

Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 13 Apr 2023
Western Digital restores service; attack details remain unclear

While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Apr 2023
How to use a CASB to manage shadow IT

Shadow IT can cost organizations time, money and security. One way to combat unauthorized use of applications is to deploy a CASB. Continue Reading
By
- Paul Kirvan
News 12 Apr 2023
Cisco provides extra-secure Webex for U.S. government

Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
By
- Mary Reines, News Writer
Definition 11 Apr 2023
AWS CloudTrail

AWS CloudTrail is an application program interface (API) call-recording and log-monitoring service offered by Amazon Web Services (AWS). Continue Reading
By
- Madelyn Bacon, TechTarget
Feature 11 Apr 2023
Practice Microsoft SC-100 exam questions with answers

Use these practice multiple-choice questions, with answers, to assess your knowledge of the Microsoft Cybersecurity Architect exam. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 11 Apr 2023
How to use Azure AD Connect synchronization for hybrid IAM

Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
News 30 Mar 2023
Azure Pipelines vulnerability spotlights supply chain threats

Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Rob Wright, Senior News Director
Tip 28 Mar 2023
How to mitigate low-code/no-code security challenges

Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 20 Mar 2023
4 cloud API security best practices

APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 15 Mar 2023
Dell launches new security offerings for data protection, MDR

Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
By
- Arielle Waldman, News Writer
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Opinion 14 Feb 2023
Top takeaways from first CloudNativeSecurityCon

TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Feb 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks

Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight. Continue Reading
By
- Arielle Waldman, News Writer
Definition 08 Feb 2023
Boomi AtomSphere Platform (Dell Boomi AtomSphere)

Dell Boomi is a Software as a Service (SaaS) integration vendor that provides its AtomSphere technology to a host of industry giants, including Salesforce.com, NetSuite, SuccessFactors and SAP. Continue Reading
By
- Rahul Awati
- Delaney Rebernik, TechTarget
News 06 Feb 2023
Widespread ransomware campaign targets VMware ESXi servers

The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 24 Jan 2023
5 ways to enable secure software development in 2023

Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 17 Jan 2023
Microsoft fixes SSRF vulnerabilities found in Azure services

Orca Security, which discovered the Azure flaws, warned enterprises to be aware of SSRF attacks, which can result in a threat actor accessing or modifying sensitive data. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Dec 2022
Play ransomware actors bypass ProxyNotShell mitigations

CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 08 Dec 2022
Risk & Repeat: Breaking down Rackspace ransomware attack

This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Dec 2022
Cisco teases new capabilities with SD-WAN update

Cisco SD-WAN 17.10 enhancements give enterprises the option of using security service edge providers Cloudflare and Netskope in secure access service edge deployments. Continue Reading
By
- Mary Reines, News Writer
Tip 06 Dec 2022
How to implement least privilege access in the cloud

More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 06 Dec 2022
Rackspace confirms ransomware attack after Exchange outages

The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Dec 2022
Rackspace 'security incident' causes Exchange Server outages

Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 10 Nov 2022
Secure development focus at KubeCon + CloudNativeCon 2022

The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 02 Nov 2022
Kusto Query Language primer for IT administrators

Administrators who use Microsoft cloud services, such as Microsoft Sentinel and Microsoft 365, can learn how to pull information from those products with KQL queries. Continue Reading
By
- Liam Cleary, SharePlicity
Tip 27 Oct 2022
Types of cloud malware and how to defend against them

Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 20 Oct 2022
Microsoft confirms data leak caused by misconfiguration

Microsoft criticized SOCRadar's reporting of the data leak, saying the threat intelligence vendor "greatly exaggerated" its claim that 65,000-plus entities had data exposed. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 19 Oct 2022
3 cloud security posture questions CISOs should answer

As cloud adoption continues to accelerate, CISOs must help IT and cybersecurity teams keep pace with evolving cloud markets, especially when it comes to cloud security posture. Continue Reading
By
- Kristopher Carr
News 19 Oct 2022
Azure vulnerability opens door to remote takeover attacks

Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes. Continue Reading
By
- Shaun Nichols
Tip 30 Sep 2022
How to decide on what Office 365 add-on licenses to use

Missing certain functionality and want to supplement your subscription to Office 365 or Microsoft 365? Find out what extras make sense for your organization. Continue Reading
By
- Liam Cleary, SharePlicity
Definition 29 Sep 2022
software-defined perimeter (SDP)

A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources. Continue Reading
By
- Sharon Shea, Executive Editor
Opinion 21 Sep 2022
Planning the journey from SD-WAN to SASE

Enterprises need integrated security and networking frameworks to manage distributed IT environments and are looking to SD-WAN and security options like SASE to get the job done. Continue Reading
By
- Bob Laliberte, Former Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Opinion 14 Sep 2022
5 ways to improve your cloud security posture

With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
By
- Melinda Marks, Practice Director
News 13 Sep 2022
Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
By
- Shaun Nichols
Opinion 12 Sep 2022
How data security posture management complements CSPM

Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 30 Aug 2022
VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Aug 2022
Mitiga: Attackers evade Microsoft MFA to lurk inside M365

During an incident response investigation, Mitiga discovered attackers were able to create a second authenticator with no multifactor authentication requirements. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Aug 2022
5 key questions to evaluate cloud detection and response

Consider these five questions before deciding to invest in a specialized cloud detection and response product. Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 24 Aug 2022
homomorphic encryption

Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 17 Aug 2022
CISA: Threat actors exploiting multiple Zimbra flaws

Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 11 Aug 2022
What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
News 10 Aug 2022
Ermetic addresses IAM weaknesses in multi-cloud environments

Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Aug 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS

In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
News 03 Aug 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA

In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
By
- Rob Wright, Senior News Director
- Arielle Waldman, News Writer
News 02 Aug 2022
New Microsoft tools aim to protect expanding attack surface

New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jul 2022
AWS adds Kubernetes security tie-ins amid SecOps tool sprawl

Amazon Detective pulls Kubernetes security data into a broader threat detection and CSPM context as IT pros at large orgs seek integrated multi-cloud security workflows. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 28 Jul 2022
AWS adds anti-malware and PII visibility to storage

New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
By
- Tim McCarthy, News Writer
News 26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022

To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jul 2022
CrowdStrike launches cloud threat hunting service

Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 20 Jul 2022
data compliance

Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats. Continue Reading
By
- Paul Kirvan
News 19 Jul 2022
Calamu Protect defends data through sharding, encryption

Calamu Protect 1.2 expands data protection capabilities for its data harbor through multi-tenancy features and support for protecting Microsoft 365 data. Continue Reading
By
- Tim McCarthy, News Writer
Tip 18 Jul 2022
Key factors to achieve data security in cloud computing

Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 14 Jul 2022
3 steps for getting started with security service edge

Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?

Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 28 Jun 2022
Do you meet all the modern authentication requirements?

Microsoft's push to a more secure method for user authentication and authorization could catch some enterprises flat-footed if IT hasn't done its homework. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
News 28 Jun 2022
Wiz launches open database to track cloud vulnerabilities

Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
By
- Arielle Waldman, News Writer
Tutorial 27 Jun 2022
How to set up Exchange Online modern authentication

Microsoft plans to tighten up security on its hosted email platform to prevent attackers from gaining access to user credentials. Is your organization ready? Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
- Nathan O'Bryan, Planet Technologies
News 24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process

While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach

The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 16 Jun 2022
Top cloud security takeaways from RSA 2022

Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG. Continue Reading
By
- Melinda Marks, Practice Director
News 15 Jun 2022
Microsoft takes months to fix critical Azure Synapse bug

Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 15 Jun 2022
How to evaluate security service edge products

As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud

Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities

Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Jun 2022
Skyhigh Security CEO, VP talk life after McAfee

Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Jun 2022
VMware launches 'threat intelligence cloud' Contexa

The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 Jun 2022
Hackers ransom 1,200 exposed Elasticsearch databases

An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks. Continue Reading
By
- Shaun Nichols
Tip 31 May 2022
How to get started with multi-cloud threat hunting

More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk. Continue Reading
By
- Ed Moyle, SecurityCurve
News 26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
By
- Shaun Nichols
News 25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By
- Arielle Waldman, News Writer
News 18 May 2022
CISA calls out security misconfigurations, common mistakes

Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 May 2022
3 ways to apply security by design in the cloud

Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 10 May 2022
Microsoft modern authentication deadline looms over Exchange

Support for basic authentication will end this year, giving administrators who haven't switched to a newer authentication method little time to prepare for a smooth transition. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
News 05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts

Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
By
- Shaun Nichols
News 05 May 2022
Google cloud misconfiguration poses risk to customers

Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Apr 2022
Is cloud critical infrastructure? Prep now for provider outages

The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines

From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 25 Apr 2022
LemonDuck botnet evades detection in cryptomining attacks

While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation

Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 14 Apr 2022
Study attests: Cloud apps, remote users add to data loss

A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
By
- Margie Semilof, TechTarget
Tip 14 Apr 2022
The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 07 Apr 2022
Should companies ask for a SaaS software bill of materials?

Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
By
- Ed Moyle, SecurityCurve
News 05 Apr 2022
Conti ransomware deployed in IcedID banking Trojan attack

The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365

CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
By
- Shaun Nichols
News 23 Mar 2022
Lawsuit claims Kronos breach exposed data for 'millions'

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 22 Mar 2022
STG launches Skyhigh Security from McAfee cloud assets

The new company combines the McAfee Enterprise Security Service Edge portfolio with a name reminiscent of a previous McAfee acquisition: Skyhigh Networks. Continue Reading
By
- Alexander Culafi, Senior News Writer