loud

Easy Dynamics Secures 10-year USDA STRATUS Cloud Win

Modernizing the USDA's IT Infrastructure




loud

Easyfun.gg Launches New Cloud Gaming Platform, Achieves 10,000 User Hours Daily

Easyfun.gg, a newly-launched cloud gaming platform designed for PCs to play mobile games, offers users the ability to enjoy various mobile games online for free. The platform has quickly achieved a significant milestone of 10,000 user hours daily.




loud

Onlive Server launched Germany VPS Server hosting with Unlimited Bandwidth and Cloud KVM VPS Panel

Multiple Option available in Germany Cloud VPS Control Panel like as an upgrade or upgrade resources of your Cloud VPS Hosting in a one-click and also many amazing features.




loud

IAM Health Cloud Helps to Support the Launch of Professional Services in AWS Marketplace

IAM Health Cloud will assist your organization with monitoring, knowing, and ensuring the right access for the right people at the right time.




loud

iuvo Technologies Wins Channel Partners Excellence Cloud Builder Award

We're serious about our cloud-forward approach and we are continuously innovating to ensure our customers succeed.




loud

UK VPS Hosting with Unlimited Bandwidth and Cloud KVM Panel Launched Onlive Server

Onlive Server provides the Hypervisor KVM and cloud computing services that are eventually just like the entire website development and therefore the website-related digital marketing part.




loud

Timex Sri Lanka replaces SAP with WFX Cloud ERP for digital upgrade

Timex Garments adopts WFX ERP for specialised, cloud-based digital transformation, enhancing efficiency. Replacing SAP with WFX, Timex gains industry-specific solutions with WFX ERP for garment manufacturing. New WFX ERP ensures Timex Garments remains innovative and responsive to market changes. This shift will enable Timex to improve operational efficiency.




loud

Data Security for Banks and Financial Institutions: Top 4 Myths About Moving to the Cloud

Many small-to-midsize banks and financial institutions are still running on-premise Microsoft Exchange email servers, whether in their own walls, or in the walls of their technology service provider. Microsoft recently announced that multiple hacking groups were targeting Microsoft Exchange servers in coordinated attacks, which could cause a damaging data breach for these organizations. With all...

The post Data Security for Banks and Financial Institutions: Top 4 Myths About Moving to the Cloud appeared first on Anders CPA.




loud

TrustCloud offers a look at the future of post-quantum encryption preservation with the release of Quantum Vault on DocuSign

This innovative offering sets a new standard for secure digital storing, document preservation, and evidence archiving and management




loud

Atlantic.Net joins NVIDIA?s Cloud Service Provider Program to support AI adoption

Atlantic.Net?empowers customers to advance offerings through market-leading AI cloud solutions, helping to speed up the adoption of AI compute for software developers and businesses




loud

White House up in the Clouds

Opportunity, timing and position are well know cornerstones in capturing fleeting moments. Sometimes it's even a suggestion.




While sitting on the patio in San Miguel de Allende my wife suggested that I photograph a white house on the cliff-side that was surrounded by clouds.

When I first looked up it didn't look that interesting but after getting the camera out and setting it up, the above cloud formation moved in creating a striking visual effect. The columns and rounded domes of the house are re-enforced by similar but looser structures in the cloud.

 original image out of camera

The original image looks interesting but is a little flat and static.
The changes I made were to add clarity +87 to increase contrast of clouds and house, increase highlights +60 to make the clouds and house even brighter and reduce both luminance and saturation of the blues and cyans in camera RAW.

In Photoshop, I decreased the saturation and luminance of the greens and oranges to keep mainly 2 dominant colors of white and blue.

Adding contrast to the clouds almost make them appear to explode around the house.

Niels Henriksen




loud

‘A World Without Clouds. Think About That a Minute’: New Study Details Possibility of Devastating Climate Feedback Loop

By Jessica Corbett Common Dreams “We face a stark choice [between] radical, disruptive changes to our physical world or radical, disruptive changes to our political and economic systems to avoid those outcomes.” As people across the globe mobilize to demand … Continue reading




loud

Cloud Watching 101

The sky may be the greatest free show on earth. You can look up any time, anywhere and tap into the awe and wonder of this ever-changing natural phenomenon. These videos and infographic provide some basic information to inform your … Continue reading





loud

Streamline Your Design Workflow with Adobe’s Creative Cloud Libraries and New AI-Powered Tools

Thanks to the AI-powered Adobe Creative Cloud Libraries, creatives can now simplify workflows and design processes in seconds!




loud

From Loud Layoffs to Quiet Hiring: What Employers Need to Know in 2023




loud

Legal Battles Cloud Tipped Wage Limits After Fifth Cir. Ruling

David Jordan discusses the framework of the 80/20 tip-credit rule and its current impact on employers after the Fifth Circuit’s recent decision leaves a version of the rule up for questioning.

Bloomberg Law

View (Subscription required)




loud

ETSI releases three specifications for cloud-based digital signatures

ETSI releases three specifications for cloud-based digital signatures

Sophia Antipolis, 2 April 2019

The ETSI technical committee on Electronic Signature Infrastructure (TC ESI) has just released a set of three Technical Specifications for cloud-based digital signatures supporting mobile devices: ETSI TS 119 431-1, ETSI TS 119 431-2 and ETSI TS 119 432. This new set of standards supports the creation of digital signatures in the cloud, facilitating digital signature deployment by avoiding the need for specialized user software and secure devices.

Read More...




loud

ETSI NFV Release 4 empowers orchestration and cloud enabled deployments

ETSI NFV Release 4 empowers orchestration and cloud enabled deployments

Offers increased support for automation

Sophia Antipolis, 8 October 2019

The ETSI Industry Specification Group (ISG) for Network Functions Virtualisation (NFV) has started working on its next specification release, known as Release 4. While NFV-based deployments are expanding worldwide and show the benefits of network function virtualization, new technologies are expected to be leveraged and features are being added in support of 5G and novel fixed access network deployments that are emerging in many countries. The release 4 work programme will provide the right setting to further enhance the NFV framework by considering recent technological advances, as well as ways to simplify its usage, that are aligned with the current trends in the industry towards network transformation.

Read More...




loud

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...




loud

ETSI Unveils First Cloud-Native VNF Management Specifications

ETSI Unveils First Cloud-Native VNF Management Specifications

Sophia Antipolis, 17 November 2020

The ETSI group on Network Functions Virtualization (ETSI Industry Specification Group NFV) is pleased to unveil its first specification enabling containerized VNFs to be managed in an NFV framework. The ETSI GS NFV-IFA 040 specifies requirements for service interfaces and an object model for OS (Operating System) container management and orchestration.

Read More...




loud

Listen to ETSI webinar: “IPv6 Enhanced Innovation: the IPv6-only Future in the 5G, IoT & Cloud Era"

Listen to ETSI webinar: “IPv6 Enhanced Innovation: the IPv6-only Future in the 5G, IoT & Cloud Era"

Sophia Antipolis, 17 September 2021

ETSI has successfully held two webinars on ‘IPv6 Enhanced Innovation: the IPv6-Only Future in the 5G, IoT & Cloud Era’ on 13 September. They are available at the following locations:

Part 1: https://www.brighttalk.com/webcast/12761/497800;

Part 2: https://www.brighttalk.com/webcast/12761/497809

Ten experts from government institutions, operators, manufacturers and research institutes, shared their vision and the progress made to date within ETSI ISG (Industry Specification Group) IPE (IPv6 Enhanced innovation).

Read More...




loud

ETSI NFV Release 5 kicks off with increased support for cloud-enabled deployments

ETSI NFV Release 5 kicks off with increased support for cloud-enabled deployments

Sophia Antipolis, 9 November 2021

The ETSI Industry Specification Group (ISG) for Network Functions Virtualization (NFV) has started working on its next specification release, known as "Release 5”, officially kicking off the new Release technical work after their September meeting.

The Release 5 work program is expected to drive ETSI NFV’s work into two main directions: consolidating the NFV framework and expanding its applicability and functionality set. On the one hand, some aspects of the NFV concepts and functionalities that have been addressed in previous Releases, but need additional work, will be further developed in Release 5. For instance, based on development, deployment experience and feedback collected during testing events such as the “NFV/MEC Plugtests”, additional work on VNF configuration was deemed necessary. Another example is the more detailed specification work related to fault management modelling which aims at further defining faults and alarms information to improve interoperability during network operations, in particular for root cause analysis and fault resolution in multi-vendor environments.

Read More...




loud

ETSI NFV Releases Architecture Enhancements to Support Cloud-Native Network Functions

Sophia Antipolis, 26 January 2023

The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its next drop of specifications around new enhancements of the NFV architecture that will support cloud-native network functions.

Read More...




loud

ETSI launches second release of TeraFlowSDN, its open source Cloud-Native SDN Orchestrator and Controller for transport networks

Sophia Antipolis, 2 February 2023

ETSI Open Source Group TeraFlowSDN has just announced the 2nd release of TeraFlowSDN controller, an innovative and robust SDN orchestrator and controller.

Read More...




loud

TeraFlowSDN Release 3 Provides a Cloud-based Network Automation Platform Featuring New Optical SDN Controller and Expanded Support for Disaggregated Networks

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...




loud

ETSI Open Source MANO announces Release SIXTEEN, enabling cloud-native orchestration of cloud infrastructure and applications

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...




loud

CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.

View Change Log

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

CVEDescriptionCVSSv3
CVE-2024-47575FortiManager Missing authentication in fgfmsd Vulnerability9.8

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

 

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

 

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Affected ProductAffected VersionsFixed Version
FortiManager 6.26.2.0 through 6.2.12Upgrade to 6.2.13 or above
FortiManager 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or above
FortiManager 7.07.0.0 through 7.0.12Upgrade to 7.0.13 or above
FortiManager 7.27.2.0 through 7.2.7Upgrade to 7.2.8 or above
FortiManager 7.47.4.0 through 7.4.4Upgrade to 7.4.5 or above
FortiManager 7.67.6.0Upgrade to 7.6.1 or above
FortiManager Cloud 6.46.4 all versionsMigrate to a fixed release
FortiManager Cloud 7.07.0.1 through 7.0.12Upgrade to 7.0.13 or above
FortiManager Cloud 7.27.2.1 through 7.2.7Upgrade to 7.2.8 or above
FortiManager Cloud 7.47.4.1 through 7.4.4Upgrade to 7.4.5 or above
FortiManager Cloud 7.6Not affectedNot Applicable

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

Change Log

Update October 23: The blog has been updated with new information about in-the-wild exploitation and threat actor activity associated with this vulnerability.

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.




loud

How To Protect Your Cloud Environments and Prevent Data Breaches

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

  • Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
  • Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
  • Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

  1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
  2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
  3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
  4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more




loud

Securing Financial Data in the Cloud: How Tenable Can Help

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

  • Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
  • Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
  • Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
  • Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

  • Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
  • Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
  • Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
  • Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data




loud

IoT Unplugged – S3:E7 – Establishing priorities for Cloud security

In this episode of the IoT Insider podcast, Bernard Montel provides a brief history of the evolution of the Cloud and the challenges of securing it.




loud

Tenable Research to Discuss Cloud Security Attack Techniques and Detection Strategies at fwd:cloudsec Europe 2024

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com




loud

Tenable Cloud Risk Report Sounds the Alarm on Toxic Cloud Exposures Threatening Global Organizations

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.1 

Additional key findings from the report include: 

  • 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
  • 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
  • Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
  • 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
  • 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

1 IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com




loud

Tenable Tackles Emerging Cloud and AI Risks With the Launch of Data and AI Security Posture Management for Cloud Environments

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

  • Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
  • Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
  • Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com





loud

Loudmouths

Sometimes, the only way to make an impact is to be loud. This hour, three female performers talk about the rewards — and consequences — that come from speaking out and making people feel uncomfortable. Guests include comedian Lilly Singh, Pussy Riot co-founder Nadya Tolokonnikova and actor, playwright and director Sarah Jones.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at: plus.npr.org/ted

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy




loud

Unapologetically loud women who push boundaries — but not without pushback

Sometimes, the only way to make an impact is to be loud. This hour, three female performers talk about the rewards — and consequences — that come from speaking out and making people feel uncomfortable. Guests include comedian Lilly Singh, Pussy Riot co-founder Nadya Tolokonnikova and actor, playwright and director Sarah Jones.

Original Broadcast Date: October 20, 2023.

TED Radio Hour+ subscribers now get access to bonus episodes, with more ideas from TED speakers and a behind the scenes look with our producers. A Plus subscription also lets you listen to regular episodes (like this one!) without sponsors. Sign-up at plus.npr.org/ted.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy




loud

Hybrid Industrial Cloud Adoption by Manufacturers to Double by 2023

Hybrid industrial cloud adoption will more than double over the next five years at 21.1% CAGR.




loud

White Paper: Machine Vision, AI & the Cloud are Creating the Scalable, Autonomous Inspection System of the Future

It is impossible to overestimate the critical nature of keen and constant visual inspection in any production process. That’s why an advanced vision system is vital for any of today’s advanced production lines – as well as for “yesterday’s” older and more issue-prone lines. 




loud

Over the Clouds Giclee on Paper

Over the Clouds Giclee on Paper by Lorelay Bove is a(n) Zeta. The Edition is Limited to Edition of 95 pcs




loud

Cloud King

Cloud King by Christopher Pardell is a(n) Limited Edition. The Edition is Limited to Limited Edition of 500 pcs




loud

Cloud King Artist Proof

Cloud King Artist Proof by Christopher Pardell is a(n) Limited Edition. The Edition is Limited to Artist Proof of 50 pcs




loud

NetSuite's ERP is Situated in the Cloud

NetSuite’s Oracle enterprise resource planning (ERP) software is engineered to scale with business-es as they grow and designed to streamline mission-critical processes.




loud

eSUB and PlanGrid Partner to Integrate Mobile and Cloud Applications

eSUB Construction Software has announced a new product integration, bringing together PlanGrid’s field productivity application with eSUB’s project management and document control platform for collaboration and productivity in the field.




loud

Cloud Connected Product Gives Homeowners Indoor Air Quality Peace of Mind

At the 2020 AHR Expo, Broan-NuTone introduced Overture, a fully automated, cloud-connected, whole-home IAQ system that monitors and optimizes air in the home.




loud

CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Posted by Daniel Augusto Veronezi Salvador on Nov 12

Severity: important

Affected versions:

- Apache CloudStack 4.0.0 through 4.18.2.4
- Apache CloudStack 4.19.0.0 through 4.19.1.2

Description:

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the
primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack
4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that...




loud

Episode 204: Anil Madhavapeddy on the Mirage Cloud Operating System and the OCaml Language

Robert talks to Dr. Anil Madhavapeddy of the Cambridge University (UK) Systems research group about the OCaml language and the Mirage cloud operating system, a microkernel written entirely in OCaml. The outline includes: history of the evolution from dedicated servers running a monolithic operating system to virutalized servers based on the Xen hypervisor to micro-kernels; […]




loud

Episode 216: Adrian Cockcroft on the Modern Cloud-based Platform

Adrian Cockcroft discusses the challenges in creating a dynamic, flexible, cloud-based platform with SE Radio host Stefan Tilkov. After briefly discussing the definition of “cloud computing,” Adrian explains the history behind Netflix’s move to the cloud (which he led). After highlighting some of the differences that have developers and architects must face, Adrian talks about […]




loud

SE-Radio Episode 314: Scott Piper on Cloud Security

Scott Piper and Kim Carter discuss Cloud Security. The Shared Responsibility Model, assets, risks, and countermeasures, evaluation techniques for comparing the security stature of CSPs. Scott discusses his FLAWS CTF engine. Covering tools Security Monkey and StreamAlert.




loud

Episode 547: Nicholas Manson on Identity Management for Cloud Applications

Nicholas Manson, a SaaS Architect with more than 2 decades of experience building cloud applications, speaks with host Kanchan Shringi about identity and access management requirements for cloud applications. They begin by examining what a digital...