Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…

“We are going to have to assess where we are in regards to the ongoing litigation and determine what the best path forward is for the department,” deputy Pentagon press secretary Jamal Brown said, citing remarks by Deputy Defense Secretary Kathleen Hicks at a public forum late last month. Hicks said then that she could…

How to implement least privilege in the cloud

According to a recent survey of 241 industry experts conducted by the Cloud Security Alliance (CSA), misconfiguration of cloud resources is a leading cause of data breaches. The primary reason for this risk? Managing identities and their privileges in the cloud is extremely challenging because the scale is so large. It extends beyond just human…

AWS Security Hub aggregates security alerts and conducts continuous compliance checks

AWS Security Hub gives customers a central place to manage security and compliance across an AWS environment. It aggregates, organizes, and prioritizes security alerts – called findings – from AWS services such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, and from a large and growing list of AWS Partner Network (APN) solutions. Customers can…

Enhancing cloud security for AWS deployments

So many organizations are migrating their entire IT infrastructure to the cloud and adopting a “cloud first” approach. With this approach, organizations cut down on overall IT business costs, while increasing scalability, modernizing their IT infrastructure and enabling collaboration among development teams to help solve complex challenges. The most popular cloud computing platform on the…

Hackers Leverage AWS To Breach, Persist In Corporate Networks

A new body of evidence indicates threat actors are using increasingly advanced techniques to target cloud providers and leveraging cloud-specific traits to hide their activity as they breach and persist in target networks. Data comes from the Threat Stack security team, which spotted the pattern over multiple years of observing behavior on client networks. It…