Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud is a term that describes the use of networked remote servers hosted on the internet to store, manage, and process data, as opposed to using a local server or a personal computer. In the context of information security, the cloud represents an environment that facilitates both the convenience and challenges of managing and safeguarding data and applications.
In this environment, security concerns include protecting data from unauthorized access, ensuring data integrity, preventing data breaches, and maintaining user privacy. Due to the shared resource nature of cloud services, information security must also address multi-tenancy issues, where multiple users or organizations store their data on the same physical hardware.
Additionally, the dynamic nature of cloud computing, with its ability to scale resources on demand, introduces unique security considerations. These include the need for robust identity and access management (IAM) systems, encryption of data both at rest and in transit, and adherence to compliance standards and regulations that govern data security in the cloud.
Securing the cloud involves a shared responsibility model—where cloud service providers are responsible for the security of the cloud infrastructure, and customers must secure their data and applications within the cloud. This collaborative effort helps ensure that the full potential of cloud computing is realized in a secure and compliant manner.
Weekly headline count for the current query.
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges
The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS)
Ransomware Group Among Attackers Focused on Exploiting Citrix Netscaler FlawSecurity experts warn that attackers have ramped up their collective attempts to find and exploit Citrix NetScaler devices that remain unpatched. Cloud Security Group patched CVE-2025-5777, a flaw also known as "Citrix Bleed 2," nearly four weeks ago with a software update.
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893)
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. [...]
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...]
We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847.
This blog discusses how CVE-2021-4034 can be detected and blocked using Trend Micro™ Vision One™ and Trend Micro Cloud One™.
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.