HackDig : Dig high-quality web security articles

Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding

Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.Founded in April 2020, the London, United Kingdom-based security firm helps enterprises investigate and respond to cyber-incidents in cloud environments.Providing autom
Publish At:2021-04-15 23:40 | Read:185 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Cloud security

How to Design and Roll Out a Threat Model for Cloud Security

Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your cloud landscape. The
Publish At:2021-04-15 13:01 | Read:65 | Comments:0 | Tags:Cloud Security Security Intelligence & Analytics Security Se

Unveil hidden malicious processes with Falco in cloud-native environments

Detecting malicious processes is already complicated in cloud-native environments, as without the proper tools they are black boxes. It becomes even more complicated if those malicious processes are hidden. A malware using open source tools to evade detection has been reported. The open source project used by the malware is libprocesshider, a tool cre
Publish At:2021-04-13 13:33 | Read:103 | Comments:0 | Tags:Uncategorized Cloud

What Does Modern Even Mean? How to Evaluate Data Security Solutions for the Hybrid Cloud and Beyond

There is a lot of talk about ‘modern’ data security. Organizations want a data security strategy that aligns with a digitally transformative vision. Tech can sometimes drown in buzzwords. What do modernization and vision actually refer to? And what do modern data security solutions really require?  Both terms refer to end-to-end data s
Publish At:2021-04-07 17:16 | Read:152 | Comments:0 | Tags:Security Intelligence & Analytics Data Protection Security S

Security Falls Short in Rapid COVID Cloud Migration

The quick pivot to the cloud for remote support also ushered in risks.Business leaned hard into the cloud during the start of the COVID-19 pandemic after widepread work-from-home support became critical. But organizations struggled to migrate to the cloud and properly secure their employees working remotely, according to research released today by Unit 42.Re
Publish At:2021-04-06 18:10 | Read:198 | Comments:0 | Tags: Cloud security

VMware Patches Critical Flaw in Carbon Black Cloud Workload

A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug. Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface f
Publish At:2021-04-05 13:28 | Read:142 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security NEWS & IN

VMware fixes authentication bypass in Carbon Black Cloud Workload appliance

VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers to bypass authentication. VMWare fixed an authentication bypass (CVE-
Publish At:2021-04-01 17:07 | Read:198 | Comments:0 | Tags:Breaking News Security Hacking information security news IT

The Role of Visibility in Securing Cloud Applications

Traditional data center approaches aren't built for securing modern cloud applications.We are living through an application development renaissance. Organizations are changing both where applications live and how they are built.Apps Live in the Public CloudApps are being built on public cloud platforms at a rapid pace as enterprises accelerate their cloud mi
Publish At:2021-04-01 11:51 | Read:192 | Comments:0 | Tags: Cloud

Questions Enterprises Should Be Asking as they Migrate to the Cloud

It wasn’t too long ago when the question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. Aside from a few stray server-huggers, enterprises have resoundingly answered in the affirmative and moved beyond that basic question.Now, though, as the COVID-19 pandemic and resulting widespread transitioning to remote
Publish At:2021-03-31 11:24 | Read:175 | Comments:0 | Tags: Cloud

In the Rush to Embrace Hybrid Cloud, Don't Forget About Security

Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security. In the last year, most organizations have accelerated adoption of cloud services far more rapidly than they originally planned to, but that doesn't mean that everything is moving to the cloud. Most organi
Publish At:2021-03-30 10:15 | Read:172 | Comments:0 | Tags: Cloud security

Cloud lateral movement: Breaking in through a vulnerable container

Lateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach? What often happens in famous attacks to Cloud environments is a vulnerable application that is publicly available can serve as an entry point. From there, attackers can try to move inside the cloud en
Publish At:2021-03-30 09:47 | Read:131 | Comments:0 | Tags:Uncategorized Cloud

AWS CIS: Manage cloud security posture on AWS infrastructure

Implementing the AWS Foundations CIS Benchmarks will help you improve your cloud security posture in your AWS infrastructure. What entry points can attackers use to compromise your cloud infrastructure? Do all your users have multi-factor authentication setup? Are they using it? Are you providing more permissions that needed? Those are some quest
Publish At:2021-03-30 09:47 | Read:160 | Comments:0 | Tags:Uncategorized Cloud security

Unified threat detection for AWS cloud and containers

Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to
Publish At:2021-03-30 09:47 | Read:205 | Comments:0 | Tags:Uncategorized Cloud

Are Cloud-Native IAM Controls Good Enough for Your Enterprise?

Organizations of every type and size are looking to the cloud for a multitude of benefits, including agility, quick time-to-value, cost savings and scalability. But enterprise-scale deployments can make this process complex, more so as it relates to identity and access management (IAM). Protections through the cloud are often a web of permissions that,
Publish At:2021-03-30 02:27 | Read:221 | Comments:0 | Tags:Cloud Security Data Protection Identity & Access Cloud DevOp

Moving from DevOps to CloudOps: The Four-Box Problem

With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way. There have been problems with organizational silos forever, namely with siloed teams not working together well. That might be why siloes began. But one of the most common organizational disconnects I've seen o
Publish At:2021-03-26 11:24 | Read:141 | Comments:0 | Tags: Cloud