This Week in Security News - April 1, 2022
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’
Reverse engineering yields sticky microarchitectural vulnerabilities Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory (PNNL). This might be less concerning for those with on-prem DGX systems, but for cloud vendors selling time on the AI training boxes, the vulnerabilities are worth noting.…
'We have this small moment in time where we can make improvements in our defensive posture' The US and its NATO allies should expect a "long tail of retaliation," in the form of cyberattacks, for the sanctions imposed on Russia, says cloud security shop ExtraHop's CEO Patrick Dennis.…
Oh look, someone else who thinks on-prem is old hat Cryptocurrency mining groups that typically have targeted on-premises servers are now competing fiercely for servers in the cloud.…
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
Easy unauthenticated remote code execution - PoC code already out
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.
Backed by Sequoia, Accel, and Cyberstarts, Cyera is building the security layer for the data plane in the cloud and enabling enterprises to identify and reduce risks across all cloud-based data repositories.
Learn more about cloud-based cryptomining, its repercussions, and how CISOs can create an effective risk mitigation strategy for this threat.
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency.