Tag: Cloud Security

  • New Study Reveals Cloud Vulnerability Disparities Among Providers

    A recent report by CyCognito has uncovered significant discrepancies in the vulnerability rates among major cloud service providers, highlighting that Google Cloud and smaller providers are notably at higher risk compared to Amazon Web Services (AWS) and Microsoft Azure. This research, which analyzes nearly five million internet-exposed assets, underscores the pressing need for improved security measures across cloud infrastructures amidst rising global concerns over cyber threats.

    According to the study, 38% of assets hosted by Google Cloud were found to have at least one security issue, doubling the vulnerability rate of AWS at 15% and reflecting a troubling trend among less well-known cloud providers, including Oracle Cloud, DigitalOcean, and Linode, which also reported a 38% vulnerability rate. Furthermore, major hosting companies like GoDaddy and Hetzner were recorded at 33%, further contributing to a landscape marred by potential security breaches.

    In examining critical vulnerabilities, classified as those registering a Common Vulnerability Scoring System (CVSS) score of 9.0 or higher, Azure exhibited the highest instance among leading cloud platforms at 0.07%. In comparison, both AWS and Google Cloud were at 0.04%. While these figures seem minimal, the sheer volume of assets translates to considerable exposure, indicating that even a slight percentage can lead to hundreds of vulnerable points.

    CyCognito also assessed the ease of exploitation of these vulnerabilities, revealing a stark reality: over 13% of assets on smaller cloud platforms displayed easily exploitable flaws, while the corresponding figure for major hosting providers was close to 10%. Notably, Google Cloud showcased a higher propensity for exploitation, with 5.35% of its assets deemed easy targets – significantly outpacing AWS and Azure.

    Despite the alarming statistics from smaller cloud services, the major providers demonstrated lower overlapping risks, with less than 0.1% of their assets falling into the high-risk category of both critical and easily exploitable vulnerabilities. However, as CyCognito warns, organizations utilizing multiple cloud environments must enhance visibility and ensure that potential weak points do not go unnoticed.

    To combat these vulnerabilities, CyCognito recommends employing advanced security measures beyond conventional inventory techniques, advocating for ‘seedless’ discovery methods to better monitor all assets. Additionally, organizations should implement dynamic security testing post-deployment to effectively mitigate risks associated with cloud misconfigurations and forgotten assets.

  • Cloud Ransomware Attacks Surge as Organizations Struggle with Security

    A recent report by Rubrik reveals alarming trends in cyberattacks, with a staggering 90% of IT and security leaders reporting that their organizations faced a cyberattack in the past year. The persistence of ransomware attacks and a growing reliance on hybrid cloud environments highlight the urgent need for enhanced security measures, as many firms are left vulnerable due to misconceptions regarding their cloud service providers’ responsibility for data protection.

    Joe Hladik, Head of Rubrik Zero Labs, noted that the continued exploitation of hybrid cloud vulnerabilities indicates that cybercriminals remain ahead of the game. The report emphasizes that organizations must adopt a proactive approach to safeguarding their most valuable data and prioritize a data-centric security strategy that emphasizes visibility and quick recovery mechanisms. “The need for a data-centric security strategy that prioritizes visibility, control, and quick recovery has never been more urgent,” Hladik stated.

    The report also pointed out that nearly one-fifth of organizations faced over 25 cyberattacks in 2024 alone, averaging at least one breach every other week. The most prevalent attack vectors included data breaches (30%), malware on devices (29%), cloud or SaaS breaches (28%), phishing (28%), and insider threats (28%). The consequences of these attacks were significant, with 40% of respondents experiencing increased security costs and 37% noting reputational damage and lost customer trust.

    Despite the inevitable shift towards cloud adoption, challenges such as understanding application dependencies and managing hybrid environments continue to hinder full implementation. Approximately 90% of IT and security leaders manage hybrid cloud setups, with half reporting that most of their workloads have transitioned to the cloud. However, a prevalent misconception persists: the belief that cloud providers will entirely safeguard their users’ data, which often leads to a false sense of security.

    The report underscores the crisis in data recovery strategies, as 86% of organizations that experienced successful ransomware attacks last year reported paying a ransom to recover their data. Alarmingly, 74% of these organizations indicated that threat actors compromised their backup and recovery systems. With the increasing use of multiple cloud platforms—92% of organizations are utilizing two to five—it is evident that weak points in identity and access management are being exploited, exacerbating the ransomware threat.

    Insider threats are also a growing concern, with 28% of IT leaders highlighting that compromised credentials often drive these incidents. Moreover, a significant portion of high-risk sensitive files contains valuable digital data such as API keys and usernames, which are particularly attractive targets for cybercriminals seeking to hijack identities and breach critical systems.

  • Cybersecurity Sector Braces for Economic Turmoil Amidst Tariff Chaos

    Amid ongoing economic uncertainty fueled by fluctuating tariff policies, experts are predicting a potential recession in the United States that could impact various industries. As the Trump administration continues its tumultuous approach to trade, including pausing steep tariffs on major trading partners, analysts forecast that the cybersecurity industry may remain resilient in the face of economic challenges.

    According to reports from financial analysts at Wedbush Security, the cybersecurity sector is being viewed as a ‘defensive’ investment strategy as companies grapple with growing threats and a volatile economic environment. Keith Weiss, managing director at Morgan Stanley, emphasized the importance of cybersecurity, suggesting that demand for these services will be sustained due to regulatory requirements and risk management needs. He stated that the expanding attack surface and increasing threat landscape are likely to bolster demand for cybersecurity solutions.

    The economic landscape has shifted dramatically, with a recent Reuters poll indicating a significant rise in the probability of a recession to 45% from 25% just a month prior. Federal Reserve Chair Jerome Powell highlighted the difficult balance the Fed faces with the intertwining goals of managing inflation and maintaining employment, stating that rising prices could lead to market slowdowns.

    While cybersecurity firms generally focus on service rather than goods, they may still face pressure as other sectors scale back their budgets. Sonu Shankar, chief product officer at Phosphorus Cybersecurity, noted that tighter budgets could lead companies to limit security spending, but remaining demand for essential cybersecurity services may shield the industry from more severe downturns. Moreover, businesses are expected to shift their cyber strategies toward prioritizing software-centric solutions, which tend to provide better agility, especially during turbulent market periods.

    The increasing demand for SaaS and cloud-native cybersecurity solutions positions these firms to weather potential future disruptions. Morgan Stanley’s Weiss projects continued growth for products that do not rely on hardware appliances, while Forrester Research’s Jeff Pollard warned that the unpredictability of the current environment could lead organizations to adopt more conservative security budgets, ultimately impacting cybersecurity vendors and their stakeholders.

    With cyberthreats expected to rise during economic downturns, organizations must adapt their cybersecurity strategies and budgets to not only mitigate risks but also meet evolving customer requirements. As Pollard advises, security leaders should align their spending to facilitate sales during downturns, indicating that those who can effectively demonstrate the contribution of their cybersecurity investments to overall business success are poised to navigate these challenging times more effectively.

  • Hackers Exploit Cloud Native Vulnerabilities to Access AWS EC2 Metadata

    In a troubling new trend, cybercriminals have launched a campaign aimed at stealing sensitive AWS EC2 Instance Metadata by exploiting vulnerabilities known as server-side request forgery (SSRF) in cloud-hosted websites. According to findings from F5 Labs, these attacks predominantly targeted the older Instance Metadata Service version 1 (IMDSv1), which lacks the enhanced security features of its successor.

    During a rapid series of attempts observed in March 2025, the threat actors sought to take advantage of mistakenly exposed EC2 Instance Metadata, garnering data points like IP address, instance ID, and security credentials. Researchers at F5 noted a noticeable spike in activity over a four-day period where several identified IP addresses belonging to the ASN:34534, registered to FBW NETWORKS SAS, were used to orchestrate the campaign.

    The exploitation technique hinges on two key vulnerabilities: CWE-200, which concerns the unauthorized disclosure of sensitive information, and CWE-918, which pertains to SSRF. F5 Labs researchers emphasized that users relying on the outdated IMDSv1 are particularly susceptible, as it provides metadata access through a special internet endpoint without the need for authentication.

    To effectively combat these vulnerabilities, F5 recommends migrating to IMDSv2, which establishes stricter security protocols requiring a session token for accessing instance metadata. Additionally, applying web application firewall (WAF) rules can help mitigate risks by blocking requests from flagged IP addresses attempting to exploit SSRF vulnerabilities. Going forward, enhancing cloud security measures is imperative as cybercriminal tactics continue to evolve, putting sensitive data at risk.
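
    An added example (not from F5 Labs or the original article) of checking for the IMDSv1 exposure described above: it reads JSON shaped like `aws ec2 describe-instances` output and flags instances that still answer token-less metadata requests. The sample data and finding labels are constructed for illustration, and the hop-limit check goes one step beyond what the article covers.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaa0000000000002",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaa0000000000003",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaa0000000000004",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 3}},
  {"InstanceId": "i-0aaa0000000000005"}
]}]}
""")

def audit_imds(describe_output):
    """Return (instance_id, finding) pairs for instances needing attention."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst.get("InstanceId", "<unknown>")
            # Assumption: a record without MetadataOptions is treated as
            # IMDSv1-capable, so it is reported rather than silently skipped.
            opts = inst.get("MetadataOptions") or {}
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue  # metadata service is off: nothing for SSRF to reach
            if opts.get("HttpTokens", "optional") != "required":
                # Token-less GETs are answered, which is what SSRF relies on.
                findings.append((iid, "IMDSv1_ALLOWED"))
            elif opts.get("HttpPutResponseHopLimit", 1) > 1:
                # IMDSv2 is enforced, but the session token response may cross
                # extra network hops (containers, proxies); worth a review.
                findings.append((iid, "HOP_LIMIT_GT_1"))
    return findings

if __name__ == "__main__":
    for instance_id, finding in audit_imds(SAMPLE):
        print(f"{instance_id}\t{finding}")
```

    Instances reported as IMDSv1_ALLOWED can be moved to IMDSv2-only with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required` once the workloads on them use an SDK that supports session tokens.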

  • Oracle Acknowledges Data Breach Amid Lawsuit Over Concealment

    In a significant shift from its earlier denials, Oracle Corp. has confirmed that it experienced a major data breach, notifying select customers about the incident just days after facing a class action lawsuit. The breach reportedly allowed a hacker to access sensitive client login information, including usernames, passkeys, and encrypted passwords, according to Bloomberg.

    The silence surrounding the breach has been broken as Oracle begins to privately inform clients of the security compromise, which was labeled by the company as a breach of a legacy system that has not been utilized for eight years. However, Bloomberg’s sources allege that the stolen data includes client credentials from as recently as 2024, casting doubt on Oracle’s description of the incident.

    Adding to the controversy, the class action lawsuit, filed in the U.S. District Court for the Western District of Texas, accuses Oracle of failing to secure customer data and concealing the breach from its clients. The lawsuit contends that Oracle’s actions have left customers uncertain about the security of their private information and are seeking a jury trial for damages as well as improved security measures. The suit notes that the breach could impact over 140,000 Oracle Cloud tenants, based on reports of a prior incident that compromised sensitive information of approximately 6 million records.

    Cybersecurity experts have raised concerns about the implications of such a breach, arguing that it challenges the fundamental principles of cloud security. Sunil Varkey, an advisor at Beagle Security, commented on the detrimental effects of the breach, stating, “A single hack reportedly exposed 6 million records across 140,000 tenants, and the provider did not even realize the compromise, shattering that illusion of security.”

    With legal proceedings unfolding and investigations ongoing, Oracle’s previous assertion that there had been no breach has come under scrutiny, emphasizing the importance of transparency and trust in cloud services. Further inquiries remain unanswered as stakeholders seek clarity amid growing industry concerns about data privacy and security vulnerabilities.

  • Oracle Denies Data Breach Amidst Claims of Leaked User Information

    Oracle Corporation has officially denied a breach of its Oracle Cloud federated single sign-on (SSO) login servers, even as multiple companies confirm the validity of data samples allegedly stolen from the tech giant. The dispute arose after a threat actor known as ‘rose87168’ claimed to have compromised Oracle’s servers and began selling authentication data for 6 million users, including encrypted passwords.

    According to a report from BleepingComputer, the individual shared several text files consisting of potentially sensitive information, including LDAP data and a listing of 140,621 domains of companies that may have been affected. With many of the domains appearing dubious, some analysts express concern about the credibility of the claims.

    In addition to the raw data, rose87168 provided an Archive.org URL to a text file hosted on Oracle’s server, which featured their email address. This evidence purportedly signifies that the hacker had the capability to create files on Oracle’s infrastructure, suggesting a serious security breach.

    Despite these alarming claims, Oracle’s representatives have steadfastly asserted that no customer data has been compromised, stating, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” as reported by BleepingComputer.

    Contrary to Oracle’s claims, representatives from various companies confirmed the authenticity of the leaked data, which included LDAP display names and email addresses matching their records. Email exchanges shared by the hacker reportedly detail communications with Oracle’s security team, indicating serious vulnerabilities that could endanger user information.

    Moreover, cybersecurity firm Cloudsek discovered that the compromised server—allegedly linked to the breach—was operating an outdated version of Oracle Fusion Middleware, which had known vulnerabilities that attackers could exploit. The server was taken offline shortly after reports of the breach emerged.

    This incident raises significant concerns about the security measures employed by Oracle, highlighting a potential oversight in managing user data. As investigations continue, the technology industry anxiously awaits Oracle’s next steps and whether further revelations will emerge regarding the severity of this alleged breach.