Threat actors armed with advanced automation techniques and an expansive knowledge of cloud architecture ran an extortion campaign that targeted 110,000 domains that leveraged publicly exposed environment variable files in victims’ AWS accounts. Read more about the campaign here: https://lnkd.in/eWBE7aRV #IT #Tech #Cybersecurity #Security #Cloud #AWS #Extortion
Security Boulevard’s Post
More Relevant Posts
-
CrowdStrike and AWS expand deal to drive cloud security and AI - ITPro #CyberSecurity #InfoSec #SecurityInsights
Google News
itpro.com
-
A cloud vulnerability a lot of people apparently don't know about: .env files contain secrets such as hard-coded cloud access keys, and not configuring them properly can lead to very bad things. #Cloud #CloudSecurity #AWS #Vulnerabilities #IAM #CredentialTheft #CloudStorage #Security #Cybersecurity #AttackSurfaceManagement #VulnerabilityManagement https://lnkd.in/eGkctyhd
Cloud Extortion Campaign Uses Exposed AWS .Env Files to Target 110,000 Domains
thecyberexpress.com
-
A cloud vulnerability a lot of people apparently don't know about: .env files contain secrets such as hard-coded cloud access keys, and not configuring them properly can lead to very bad things. #Cloud #CloudSecurity #AWS #Vulnerabilities #IAM #CredentialTheft #CloudStorage #S3 #Security #Cybersecurity #AttackSurfaceManagement #VulnerabilityManagement Palo Alto Networks Unit 42 Palo Alto Networks https://lnkd.in/eYW-VMV8
Cloud Extortion Campaign Uses Exposed AWS .Env Files to Target 110,000 Domains
thecyberexpress.com
-
Last Thursday Palo Alto Networks Unit 42 shared an interesting report where they revealed a large-scale cloud extortion operation exploiting exposed .env files to target organizations. Some key points from the report:
- Initial Access: Attackers leveraged exposed environment variable files (.env files) containing sensitive credentials.
- Wide Reach: Over 230 million targets scanned; 110,000 domains exploited; 90,000 unique variables leaked; obtained 7,000 cloud service and 1,500 social media accounts.
- Data Exfiltration: Ransom notes were placed in compromised cloud storage containers.
- Attack Infrastructure: Utilized AWS, Tor, VPNs, and VPS endpoints.
- Automation: Extensive automation enabled rapid and efficient execution.
What can organizations do to protect themselves from these types of attacks?
- Avoid exposing sensitive .env files publicly.
- Implement multi-factor authentication.
- Regularly audit and remove unused cloud service credentials.
https://lnkd.in/dfT8HR37
Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments
unit42.paloaltonetworks.com
-
Know thy environment (variables)!!
"the attackers’ success relied on misconfigurations in victim organizations that inadvertently exposed their .env files. It did not result from vulnerabilities or misconfigurations in cloud providers’ services. This post will detail the cloud extortion campaign by examining different tactics from the MITRE ATT&CK framework as we recount and explain the events."
All too familiar Zero Trust "Do NOTs":
"Multiple security missteps were present.
Exposing environment variables
Using long-lived credentials
Absence of least privilege architecture"
Remember the user enumeration feature / bug?
"Attackers also successfully attempted the AWS API request ListUsers to gather a list of IAM users in the AWS account as well as the API request ListBuckets to identify all the existing S3 buckets."
https://lnkd.in/gmjquqHx
Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments
unit42.paloaltonetworks.com
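As an added illustration (not part of the post above or of the Unit 42 report), a small Python check over constructed CloudTrail-style records: it flags the ListUsers / ListBuckets discovery calls quoted above when they are made with a long-lived IAM user access key, which is the credential type a leaked .env file typically holds. The record contents, user name and key IDs are made up for the example.

```python
"""Flag IAM/S3 discovery calls made with long-lived IAM user keys.

The records below are constructed CloudTrail-style events, not real logs.
They mimic the reconnaissance described in the Unit 42 report: a leaked
IAM user key calling ListUsers and then ListBuckets.
"""
import json

# Discovery calls the report says the attackers issued after gaining access.
DISCOVERY_CALLS = {
    ("iam.amazonaws.com", "ListUsers"),
    ("s3.amazonaws.com", "ListBuckets"),
}

# Constructed sample events (placeholder key IDs and IPs).
SAMPLE_EVENTS = [
    json.dumps({"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
                "userIdentity": {"type": "IAMUser", "userName": "deploy",
                                 "accessKeyId": "AKIAEXAMPLE000000001"},
                "sourceIPAddress": "203.0.113.10"}),
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
                "userIdentity": {"type": "IAMUser", "userName": "deploy",
                                 "accessKeyId": "AKIAEXAMPLE000000001"},
                "sourceIPAddress": "203.0.113.10"}),
    # Same call from a short-lived assumed-role session: not a long-lived key.
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
                "userIdentity": {"type": "AssumedRole",
                                 "accessKeyId": "ASIAEXAMPLE000000002"},
                "sourceIPAddress": "10.0.1.5"}),
]


def discovery_by_long_lived_key(events):
    """Map each IAM user access key to the sorted discovery calls it made.

    Only identities of type IAMUser count: those use long-lived keys, the
    credential type that ends up hard-coded in .env files. STS sessions
    (AssumedRole, short-lived) are ignored.
    """
    calls = {}
    for raw in events:
        ev = json.loads(raw)
        ident = ev.get("userIdentity", {})
        if (ev.get("eventSource"), ev.get("eventName")) not in DISCOVERY_CALLS:
            continue
        if ident.get("type") != "IAMUser":
            continue
        calls.setdefault(ident.get("accessKeyId"), set()).add(ev["eventName"])
    return {key: sorted(names) for key, names in calls.items()}


def keys_with_full_recon(events):
    """Keys that performed every discovery call in DISCOVERY_CALLS."""
    wanted = {name for _, name in DISCOVERY_CALLS}
    return sorted(k for k, names in discovery_by_long_lived_key(events).items()
                  if set(names) == wanted)
```

Running `keys_with_full_recon(SAMPLE_EVENTS)` on the constructed records returns only the AKIA key, since the assumed-role session is filtered out; a real deployment would read the events from CloudTrail and add an allow-list of known source IPs.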
-
The Microsoft #Sentinel engineering team has been busy adding new features! The Amazon Web Services (AWS) #S3 connector went GA and the Codeless Connector building and the SIEM migration experience are both now in preview. Check out what else is new in March! https://lnkd.in/d6cscf6k #msftadvocate #siem #cybersecurity #microsoftsecurity Microsoft AI Cloud Partner Program Microsoft Cloud Microsoft Azure Microsoft Security
What's new in Microsoft Sentinel
learn.microsoft.com
-
I finally got around to reading through the detailed analysis from Palo Alto Networks Unit 42 on the recent attacks against over 110,000 AWS accounts. Very interesting methods used by the attackers, but this campaign also highlights the need to do the basics:
- Basic configuration of your cloud service provider account
- Basic configuration of your identity management
- Basic configuration of your cloud assets
- Basic logging and monitoring
- Basic incident response
There were no vulnerabilities exploited here. The attackers were sophisticated, but this doesn't look like a nation state-level attack. Even if you do not use AWS, I would encourage you to take a look at the analysis: https://lnkd.in/gwmBcs4w
Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments
unit42.paloaltonetworks.com
-
Gain insights into GenAI security as AWS CISO answers frequently asked questions in this insightful interview via Nancy Liu on SDxCentral https://lnkd.in/dryP-Sy8 #awscloud #AWS #GenAI #Cybersecurity
AWS CISO answers most frequently asked questions about genAI security
sdxcentral.com
-
Upwind is raising the bar in Threat Detection, Cloud Detection and Response, and noise reduction for Security Engineers. Only runtime data allows security teams to see targeted and accurate risks in their environment and stop threats before they become incidents. https://lnkd.in/gQ_W2Q2r
Detect Suspicious Cloud Instance Metadata Activities - Upwind | Cloud Security Happens at Runtime
https://www.upwind.io
-
🏎️ AI-driven Cloud Anomaly Detection Detecting suspicious behaviour in cloud environments presents a significant challenge in cybersecurity because of the cloud's rapid pace and intricate nature. The cloud infrastructure and virtual assets are constantly changing, making it difficult to identify and respond to threats efficiently. The intricate configurations of the cloud, the temporary nature of assets, and the vast amount of data produced can obscure malicious activities, highlighting the need for advanced monitoring and analysis tools. Learn more: https://bit.ly/3I3mn2X #SecureAI #AWS #OCI #Azure #GCP
Rapid7 Introduces AI-driven Cloud Anomaly Detection | Rapid7 Blog
rapid7.com