Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
Firms are introducing 300 services monthly, contributing to 32% of high or critical cloud exposures
Let SANS help you get to grips with the shifting landscape of cloud security Sponsored Post Our reliance on the cloud continues to grow steadily, with a greater variety of services than ever being hosted in it.…