Tag: cloud
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…
-
Technical Analysis of Zloader Updates
Tags: access, attack, banking, cloud, communications, control, corporate, data, data-breach, detection, dns, encryption, malware, network, ransomware, strategy, threat, update, windowsIntroductionZloader (a.k.a. Terdot, DELoader, or Silent Night) is a Zeus-based modular trojan that emerged in 2015. Zloader was originally designed to facilitate banking, but has since been repurposed for initial access, providing an entry point into corporate environments for the deployment of ransomware. Following an almost two-year hiatus, Zloader reemerged in September 2023 with significant enhancements…
-
Schutz, Compliance, Flexibilität: – Die Zukunft der E-Mail-Sicherheit liegt in der Cloud
First seen on security-insider.de Jump to article: www.security-insider.de/cloud-basierte-email-sicherheitsloesungen-retarus-a-20a775fc24e78e27f27bbbb5c16ba5b9/
-
God Mode Vulnerability Lets Attackers Access Any Resource in Microsoft Cloud Tenants
A recently disclosed flaw, tracked as CVE-2025-55241, allowed any attacker in possession of a single “Actor token” from a test or lab tenant to assume full administrative control overeveryMicrosoft Entra ID (Azure AD) customer globally. Security researcher Dirk-Jan Mollema revealed that a critical validation error in Microsoft’s token-based service communication could have turned a low-privilege…
-
CSO Awards winners highlight security innovation and transformation
Tags: ai, attack, automation, awareness, best-practice, business, ciso, cloud, compliance, conference, control, cyber, cybersecurity, data, defense, detection, finance, flaw, framework, governance, group, guide, infrastructure, intelligence, login, malicious, metric, mitre, network, penetration-testing, phishing, privacy, programming, risk, risk-management, service, siem, skills, soc, software, technology, threat, tool, training, update, vulnerability, vulnerability-managementFSU tackles third-party risk with tighter vendor management program: Organization: Florida State UniversityProject: Third-Party Risk Management ProgramSecurity leader: Bill Hunkapiller, CISOOfficials at Florida State University wanted to ensure that data shared with outside entities was well protected. To achieve that, CISO Bill Hunkapiller and his team revamped its third-party risk management program so that the…
-
Pentagon Bans China-Based Engineers Over Hacking Concerns
The Pentagon bans China-based staff from cloud work after reports warn of espionage risks and urge tighter supply chain security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/pentagon-bans-china-based-engineers-over-hacking-concerns/
-
Stay Ahead with Advanced NHI Monitoring
How Secure is Your Organization’s Cloud Environment? Could your organization be overlooking the vital role of Non-Human Identities (NHIs) in cybersecurity? Where cloud environments are ubiquitous, ensuring their security is paramount. NHIs, which are essentially machine identities, facilitate critical functions in cloud-based systems but, if mismanaged, can expose organizations to severe risks. The growing complexity……
-
Gain Confidence with Stronger Cloud Defenses
How Can Non-Human Identities Fortify Your Cloud Security Strategy? When thinking about cybersecurity, how often do you consider the role of Non-Human Identities (NHIs)? With more organizations migrate to cloud-based systems, managing these machine identities has become critical to maintaining secure cloud. NHIs, which encompass encrypted passwords, tokens, and keys, function like digital passports and……
-
Hackers Steal SonicWall Firewall Configurations
Hackers Accessed Backup Firewall Preference Files. Firewall maker SonicWall is telling customers to reset credentials after hackers stole firewall configuration backup files stored in its cloud service. Hackers launched brute force attacks against servers storing backup files. They stole configuration data of roughly 5% of the install base. First seen on govinfosecurity.com Jump to article:…
-
Microsoft thinks cloud PCs might be overkill, starts streaming just apps under Windows 365
As old-school virtual desktop player Omnissa distances itself further from VMware First seen on theregister.com Jump to article: www.theregister.com/2025/09/18/microsoft_cloud_apps_omnissa_update/
-
Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks, alarming some in the security community. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-azure-entra-id-flaw-microsoft-iam-issues
-
Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn
Tags: advisory, api, cloud, cve, exploit, flaw, identity, microsoft, mitigation, risk, service, technology, update, vulnerabilityPatching is done, yet the risk lingers: While CVE-2025-55241 initially carried a maximum base severity score of 10.0 out of 10, Microsoft later revised its advisory on September 4 to rate the flaw at 8.7, reflecting its own exploitability assessment.Microsoft rolled out a fix globally within days of the initial report, adding that its internal…
-
Enterprise Cybersecurity Strategy: How to Secure Large Scale Businesses
Enterprise cybersecurity involves a wide-ranging method aimed at protecting company networks, data, apps, and cloud platforms from a rising number of cyber threats. It focuses on lowering weaknesses, strengthening security measures, and keeping operations steady even when attacks happen. This approach relies on modern technology, security platforms, and clear policies supported by employee training to……
-
Enterprise Cybersecurity Strategy: How to Secure Large Scale Businesses
Enterprise cybersecurity involves a wide-ranging method aimed at protecting company networks, data, apps, and cloud platforms from a rising number of cyber threats. It focuses on lowering weaknesses, strengthening security measures, and keeping operations steady even when attacks happen. This approach relies on modern technology, security platforms, and clear policies supported by employee training to……
-
Enterprise Cybersecurity Strategy: How to Secure Large Scale Businesses
Enterprise cybersecurity involves a wide-ranging method aimed at protecting company networks, data, apps, and cloud platforms from a rising number of cyber threats. It focuses on lowering weaknesses, strengthening security measures, and keeping operations steady even when attacks happen. This approach relies on modern technology, security platforms, and clear policies supported by employee training to……
-
Entra ID Bug Could Have Exposed Every Microsoft Tenant
A flaw in Entra ID let attackers seize Microsoft tenants; learn how the patch and best practices protect cloud identity. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/entra-id-bug-microsoft-tenant/
-
WatchGuard patches ‘critical’ VPN flaw in firewalls that could lead to compromise
Who is affected?: A list of the nearly three dozen firewall models affected by CVE-2025-9242 is available from WatchGuard’s website. The vulnerable versions of the Fireware OS are 2025.1, 12.x, 12.5.x (T15 & T35 models), 12.3.1 (FIPS-certified release), and 11.x (end of life). These are addressed (in the same order) by updating to versions 2025.1.1,…
-
What’s New in Tenable Cloud Security: A More Personalized, Global and Comprehensive Experience
Tags: best-practice, cloud, compliance, container, control, data, fintech, framework, infrastructure, kubernetes, least-privilege, microsoft, oracle, risk, service, threat, tool, update, vulnerabilityCheck out the latest enhancements to our CNAPP product, including a more intuitive user experience with customizable dashboards, and stronger workload protection and data security. These improvements are designed to help you personalize workflows and gain deeper visibility across workloads, compliance frameworks and cloud databases. Key takeaways Tenable Cloud Security is now more personalized and…
-
New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
Unlike most prompt injections, ShadowLeak executes on OpenAI’s cloud-based infrastructure. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt-research-agent-pilfers-secrets-from-gmail-inboxes/
-
Crims bust through SonicWall to grab sensitive config data
Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices First seen on theregister.com Jump to article: www.theregister.com/2025/09/18/sonicwall_breach/
-
Top 10 Best NGFW (Next”‘Generation Firewall) Providers in 2025
Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next”‘Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robust traffic filtering, but also deep packet inspection, advanced threat intelligence, and seamless cloud integration for defense against today’s persistent and evolving threats. Why Top 10 Best…
-
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts.The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of…
-
Salesforce Partners with Google Cloud to Integrate Gemini AI in Multi-Billion Dollar Deal
Discover the transformative partnership between Salesforce and Google Cloud, focusing on AI integration and enhanced CRM capabilities. Learn how this collaborat First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/salesforce-partners-with-google-cloud-to-integrate-gemini-ai-in-multi-billion-dollar-deal/
-
Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
The Cloud Edge Is The New Attack Surface
The cloud now acts as the connecting infrastructure for many companies’ assets, from IoT devices to workstations to applications and workloads, exposing the edge to threats. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
-
SonicWall Discloses Compromise of Cloud Backup Service
SonicWall said that threat actors accessed firewall preference files stored in the cloud for around 5% of its firewall install base First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sonicwall-compromise-cloud-backup/
-
Who Owns Threat and Exposure Management in Your Organization?
A study conducted by Enterprise Strategy Group, now part of Omdia, in partnership with Tenable shows responsibility for exposure management scattered across multiple teams with conflicting priorities. It’s time to build the team of the future, discover what ‘good’ looks like and how to get there. Key takeaways Teams are fragmented, with most organizations lacking…
-
Who Owns Threat and Exposure Management in Your Organization?
A study conducted by Enterprise Strategy Group, now part of Omdia, in partnership with Tenable shows responsibility for exposure management scattered across multiple teams with conflicting priorities. It’s time to build the team of the future, discover what ‘good’ looks like and how to get there. Key takeaways Teams are fragmented, with most organizations lacking…
-
Who Owns Threat and Exposure Management in Your Organization?
A study conducted by Enterprise Strategy Group, now part of Omdia, in partnership with Tenable shows responsibility for exposure management scattered across multiple teams with conflicting priorities. It’s time to build the team of the future, discover what ‘good’ looks like and how to get there. Key takeaways Teams are fragmented, with most organizations lacking…