Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2025-05-07 14:00:00 |
Infrastructure comme code: un guide IAC pour la sécurité du cloud Infrastructure as Code: An IaC Guide to Cloud Security (lien direct) |
IAC est puissant. Il apporte la vitesse, l'échelle et la structure aux infrastructures cloud. Mais rien de tout cela n'a d'importance si votre sécurité ne peut pas suivre.
IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can\'t keep up. |
Cloud
|
|
★★★
|
 |
2025-05-01 23:28:19 |
Sans Top 5: Cyber est sorti du SOC SANS Top 5: Cyber Has Busted Out of the SOC (lien direct) |
Cette année, les meilleurs cyber-défis incluent l'étalement de l'autorisation du cloud, les cyberattaques ICS et les ransomwares, le manque de journalisation des nuages et les contraintes réglementaires empêchant les défenseurs d'utiliser pleinement les capacités de l'AI \\.
This year\'s top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI\'s capabilities. |
Ransomware
Industrial
Cloud
|
|
★★
|
 |
2025-04-22 21:29:35 |
Microsoft purge des millions de locataires cloud à la suite de Storm-0558 Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558 (lien direct) |
Le géant de la technologie stimule l'ENTRA ID et la sécurité MSA dans le cadre de la vaste initiative Future Secure Future (SFI) que la société a lancé à la suite d'une violation chinoise de son environnement en ligne d'échange en 2023.
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT\'s breach of its Exchange Online environment in 2023. |
Cloud
|
|
★★★
|
 |
2025-04-22 16:46:51 |
\\ 'Cookie Bite \\' Entra ID Attack expose Microsoft 365 \\'Cookie Bite\\' Entra ID Attack Exposes Microsoft 365 (lien direct) |
Un vecteur d'attaque de preuve de concept (POC) exploite deux jetons d'authentification Azure à partir d'un navigateur, donnant aux acteurs de la menace un accès persistant aux services cloud clés, y compris les applications Microsoft 365.
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications. |
Threat
Cloud
|
|
★★★
|
 |
2025-04-18 15:24:58 |
La CISA pèse sur une violation présumée d'Oracle Cloud CISA Weighs In on Alleged Oracle Cloud Breach (lien direct) |
L'agence recommande que les organisations et les particuliers mettent en œuvre ses recommandations pour empêcher l'utilisation abusive des données volées, bien qu'Oracle ne fasse pas encore de même pour ses clients.
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers. |
Cloud
|
|
★★★
|
 |
2025-04-16 15:38:07 |
Cloud, défauts de cryptographie dans les applications mobiles, fuite des données d'entreprise Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data (lien direct) |
Les erreurs de configuration des cloud et les défauts de cryptographie affligent certaines des meilleures applications utilisées dans des environnements de travail, exposant les organisations au risque et à l'intrusion.
Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion. |
Mobile
Cloud
|
|
★★★
|
 |
2025-04-14 16:34:17 |
Chinois Apts exploite edr \\ 'écart de visibilité \\' pour le cyber-espionnage Chinese APTs Exploit EDR \\'Visibility Gap\\' for Cyber Espionage (lien direct) |
Les angles morts dans la visibilité du réseau, y compris dans les pare-feu, les appareils IoT et le cloud, sont exploités par des acteurs chinois soutenus par l'État avec un succès croissant, selon New Threat Intelligence. Voici comment les experts disent que vous pouvez avoir des yeux sur tout cela.
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here\'s how experts say you can get eyes on it all. |
Threat
Cloud
|
|
★★★
|
 |
2025-04-14 14:00:00 |
7 RSAC 2025 Cloud Security Sessions Vous ne voulez pas manquer 7 RSAC 2025 Cloud Security Sessions You Don\\'t Want to Miss (lien direct) |
Certains des esprits les plus brillants de l'industrie discuteront de la façon de renforcer la sécurité du cloud.
Some of the brightest minds in the industry will discuss how to strengthen cloud security. |
Cloud
|
|
★★★
|
 |
2025-04-10 20:41:31 |
Authzen vise à harmoniser les contrôles d'autorisation fracturés AuthZEN Aims to Harmonize Fractured Authorization Controls (lien direct) |
La gestion des autorisations et des autorisations dans des dizaines ou des centaines de services et plateformes cloud pose des maux de tête importants pour les entreprises. Une spécification ouverte vise à changer cela.
Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that. |
Cloud
|
|
★★★
|
 |
2025-04-09 22:40:04 |
Google fusionne les offres de sécurité dans une suite cohésive Google Merges Security Offerings Into a Cohesive Suite (lien direct) |
Google Unified Security rassemble la détection des menaces, la sécurité alimentée par l'IA, les fonctionnalités de navigateur sécurisées et les services mandiant, a déclaré la société lors de sa prochaine conférence Cloud.
Google Unified Security brings together threat detection, AI-powered security, secure browser features, and Mandiant services, the company said at its Cloud Next conference. |
Threat
Cloud
Conference
|
|
★★★
|
 |
2025-04-09 18:59:10 |
Oracle semble admettre la violation de 2 \\ 'serveurs obsolètes Oracle Appears to Admit Breach of 2 \\'Obsolete\\' Servers (lien direct) |
La société de base de données a déclaré que son infrastructure Oracle Cloud (OCI) n'était pas impliquée dans la violation. Et au moins un cabinet d'avocats qui demande des dommages-intérêts est déjà sur l'affaire.
The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case. |
Cloud
|
|
★★
|
 |
2025-04-07 22:14:51 |
Palo Alto Networks commence le déploiement de la sécurité unifiée Palo Alto Networks Begins Unified Security Rollout (lien direct) |
Cortex Cloud intègre Prisma Cloud avec CDR pour fournir une gestion de la posture de sécurité consolidée et une détection et une correction des menaces en temps réel.
Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation. |
Threat
Cloud
|
|
★★★
|
 |
2025-04-01 14:00:00 |
Google \\ 'ImageRunner \\' Bogue Activé l'escalade de privilège Google \\'ImageRunner\\' Bug Enabled Privilege Escalation (lien direct) |
Tenable a publié les détails d'un défaut Google Cloud Run qui, avant l'assainissement, a permis à un acteur de menace de dégénérer les privilèges.
Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges. |
Threat
Cloud
|
|
★★
|
 |
2025-03-31 21:29:43 |
Les utilisateurs d'Oracle Cloud ont demandé à agir Oracle Cloud Users Urged to Take Action (lien direct) |
Bien qu'Oracle ait nié que ses services d'infrastructure cloud aient été violés, les experts en sécurité recommandent de vérifier indépendamment les clients d'Oracle s'ils ont été affectés et prennent des mesures pour réduire l'exposition aux retombées potentielles.
Although Oracle has denied its cloud infrastructure services were breached, security experts recommend Oracle customers independently verify if they were affected and take measures to reduce exposure to potential fallout. |
Cloud
|
|
★★★
|
 |
2025-03-28 21:04:46 |
GSA prévoit la refonte Fedramp GSA Plans FedRAMP Revamp (lien direct) |
La General Services Administration prévoit d'utiliser l'automatisation pour accélérer le processus afin de déterminer quelles agences fédérales des services cloud sont autorisées à acheter.
The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy. |
Cloud
|
|
★★★
|
 |
2025-03-28 18:26:49 |
Oracle nie toujours la violation alors que les chercheurs persistent Oracle Still Denies Breach as Researchers Persist (lien direct) |
Les preuves suggèrent qu'un attaquant a eu accès à l'environnement d'infrastructure cloud de l'entreprise, mais Oracle insiste sur le fait que cela ne s'est pas produit.
Evidence suggests an attacker gained access to the company\'s cloud infrastructure environment, but Oracle insists that didn\'t happen. |
Cloud
|
|
★★★
|
 |
2025-03-27 11:00:00 |
Les alertes de sécurité du cloud à haute sévérité ont triplé en 2024 High-Severity Cloud Security Alerts Tripled in 2024 (lien direct) |
Les attaquants ne font que passer plus de temps à cibler le cloud - ils volent impitoyablement des données plus sensibles et accédant à des systèmes plus critiques que jamais.
Attackers aren\'t just spending more time targeting the cloud - they\'re ruthlessly stealing more sensitive data and accessing more critical systems than ever before. |
Cloud
|
|
★★★
|
 |
2025-03-24 15:29:40 |
Oracle nie la réclamation de la violation d'Oracle Cloud de 6M Records Oracle Denies Claim of Oracle Cloud Breach of 6M Records (lien direct) |
Un acteur de menace a publié des données sur BreachForums d'une prétendue attaque de chaîne d'approvisionnement qui a affecté plus de 140 000 locataires, affirmant avoir compromis le cloud via une faille zéro-jour de Weblogic, selon des chercheurs.
A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say. |
Vulnerability
Threat
Cloud
|
|
★★
|
 |
2025-03-19 17:05:03 |
L'adoption des nuages de l'IA est en proie à des cyber erreurs AI Cloud Adoption Is Rife With Cyber Mistakes (lien direct) |
La recherche révèle que les organisations accordent un accès root par défaut et font d'autres grands faux pas, y compris un concept de construction de type Jenga, dans le déploiement et la configuration des services d'IA dans les déploiements cloud.
Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments. |
Cloud
|
|
★★
|
 |
2025-03-18 20:16:44 |
Google pour acquérir Wiz pour 32 milliards de dollars en jeu de sécurité multicloud Google to Acquire Wiz for $32B in Multicloud Security Play (lien direct) |
L'offre de tous les cas propose un chemin d'accès à Google pour mieux prendre en charge les clients cloud qui ont des actifs répartis dans les environnements publics, y compris Azure et autres.
The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others. |
Cloud
|
|
★★
|
 |
2025-03-13 12:31:50 |
F5 intègre la sécurité et le réseautage de l'API pour aborder l'assaut de l'IA F5 Integrates API Security and Networking to Address AI Onslaught (lien direct) |
Le nouveau contrôleur de livraison d'application F5 et la plate-forme de sécurité combine les services BIG-IP, NGINX et Distributed Cloud et les nouvelles assistants de passerelle et d'IA.
The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants. |
Cloud
|
|
★★
|
 |
2025-03-05 20:45:33 |
Aryon Security est lancé pour lutter contre les erreurs de configuration du cloud Aryon Security Launches to Tackle Cloud Misconfigurations (lien direct) |
La nouvelle startup de sécurité cloud utilise l'IA pour scanner les applications et les systèmes cloud pour les problèmes avant leur déploiement.
The new cloud security startup uses AI to scan cloud applications and systems for issues before they are deployed. |
Cloud
|
|
★★
|
 |
2025-03-04 22:19:35 |
Glide Identity s'associe à Google Cloud et à Major Telcos Glide Identity Partners With Google Cloud and Major Telcos (lien direct) |
Pas de details / No more details |
Cloud
|
|
★★
|
 |
2025-02-20 22:28:09 |
Les données suggèrent qu'il est temps de repenser les autorisations de cloud Data Suggests It\\'s Time to Rethink Cloud Permissions (lien direct) |
Les privilèges excessifs et les lacunes de visibilité créent un terrain reproducteur pour les cyber-menaces.
Excessive privileges and visibility gaps create a breeding ground for cyber threats. |
Cloud
|
|
★★★
|
 |
2025-02-20 17:00:22 |
Google Adds Quantum-Resistant Digital Signatures to Cloud KMS (lien direct) |
The new Cloud Key Management Service is part of Google\'s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.
The new Cloud Key Management Service is part of Google\'s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards. |
Cloud
|
|
★★
|
 |
2025-02-20 16:14:06 |
ZEST Security\\'s Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organization (lien direct) |
Pas de details / No more details |
Cloud
|
|
★★★
|
 |
2025-02-05 17:30:04 |
Abandoned AWS Cloud Storage: A Major Cyberattack Vector (lien direct) |
New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.
New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack. |
Cloud
|
|
★★★
|
 |
2025-02-04 19:26:22 |
Chinese \\'Infrastructure Laundering\\' Abuses AWS, Microsoft Cloud (lien direct) |
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection. |
Cloud
|
|
★★
|
 |
2025-02-03 23:01:49 |
EMEA CISOs Plan 2025 Cloud Security Investment (lien direct) |
Pas de details / No more details |
Cloud
|
|
★★
|
 |
2025-02-03 22:10:32 |
Name That Edge Toon: In the Cloud (lien direct) |
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. |
Cloud
|
|
★★
|
 |
2025-01-30 15:00:00 |
Automated Pen Testing Is Improving - Slowly (lien direct) |
The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.
The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications. |
Tool
Cloud
|
|
★★
|
 |
2025-01-29 15:00:00 |
The Old Ways of Vendor Risk Management Are No Longer Good Enough (lien direct) |
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance. |
Cloud
|
|
★★★
|
 |
2025-01-24 19:47:37 |
MITRE\\'s Latest ATT&CK Simulations Tackles Cloud Defenses (lien direct) |
The MITRE framework\'s applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.
The MITRE framework\'s applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks. |
Cloud
|
|
★★
|
 |
2025-01-21 15:07:41 |
Cisco Previews AI Defenses to Cloud Security Platform (lien direct) |
Set for release in March, Cisco AI Defense will provide algorithmic red teaming of large language models with technology that came over as part of the Robust Intelligence acquisition last year.
Set for release in March, Cisco AI Defense will provide algorithmic red teaming of large language models with technology that came over as part of the Robust Intelligence acquisition last year. |
Cloud
|
|
★★★
|
 |
2025-01-15 16:51:35 |
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog (lien direct) |
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions. |
Vulnerability
Cloud
|
|
★★
|
 |
2025-01-14 21:52:52 |
1Password\\'s Trelica Buy Part of Broader Shadow IT Play (lien direct) |
The acquisition accelerates 1Password\'s ongoing efforts to expand the role of the password manager with secure SaaS management.
The acquisition accelerates 1Password\'s ongoing efforts to expand the role of the password manager with secure SaaS management. |
Cloud
|
|
★★
|
 |
2025-01-13 20:44:00 |
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw (lien direct) |
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. |
Malware
Vulnerability
Threat
Cloud
|
|
★★★
|
 |
2025-01-09 21:11:38 |
Hacking Group \\'Silk Typhoon\\' Linked to US Treasury Breach (lien direct) |
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department\'s Office of Foreign Assets Control.
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department\'s Office of Foreign Assets Control. |
Cloud
|
|
★★★
|
 |
2025-01-07 23:25:51 |
1Password Acquires SaaS Access Management Provider Trelica (lien direct) |
The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around SaaS sprawl and shadow IT.
The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around SaaS sprawl and shadow IT. |
Cloud
|
|
★★★
|
 |
2024-12-31 20:19:30 |
Managing Cloud Risks Gave Security Teams a Big Headache in 2024 (lien direct) |
The results of Dark Reading\'s 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.
The results of Dark Reading\'s 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025. |
Cloud
|
|
★★
|
 |
2024-12-18 17:24:00 |
Manufacturers Lose Azure Creds to HubSpot Phishing Attack (lien direct) |
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe. |
Cloud
|
|
★★
|
 |
2024-12-17 18:20:08 |
CISA Directs Federal Agencies to Secure Cloud Environments (lien direct) |
Actions direct agencies to deploy specific security configurations to reduce cyber-risk.
Actions direct agencies to deploy specific security configurations to reduce cyber-risk. |
Cloud
|
|
★★
|
 |
2024-12-17 16:21:38 |
Azure Data Factory Bugs Expose Cloud Infrastructure (lien direct) |
Three vulnerabilities in the service\'s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.
Three vulnerabilities in the service\'s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. |
Malware
Vulnerability
Cloud
|
|
★★
|
 |
2024-12-13 22:32:53 |
Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs (lien direct) |
Pas de details / No more details |
Cloud
|
|
★★
|
 |
2024-12-12 20:47:27 |
IoT Cloud Cracked by \\'Open Sesame\\' Over-the-Air Attack (lien direct) |
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device. |
Hack
Cloud
|
|
★★
|
 |
2024-12-11 20:47:50 |
Researchers Crack Microsoft Azure MFA in an Hour (lien direct) |
A critical flaw in the company\'s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
A critical flaw in the company\'s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. |
Cloud
|
|
★★★★
|
 |
2024-12-10 16:12:01 |
Cybercrime Gangs Abscond With Thousands of AWS Credentials (lien direct) |
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. |
Cloud
|
|
★★
|
 |
2024-12-09 18:00:33 |
Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption (lien direct) |
More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.
More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent. |
Cloud
|
|
★★
|
 |
2024-12-06 14:59:11 |
Open Source Security Priorities Get a Reshuffle (lien direct) |
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components. |
Cloud
|
|
★★★
|
 |
2024-12-05 22:04:39 |
Russia\\'s \\'BlueAlpha\\' APT Hides in Cloudflare Tunnels (lien direct) |
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. |
Threat
Cloud
|
|
★★
|