Aggregator
OpenAI Reaches $200 Million Defense Deal for AI Security Tools
'Stargazers' use fake Minecraft mods to steal player passwords
Building a Quantum-Safe Internet: The IETF's Plan for TLS
Stronger Cloud Security in Five: Accelerate Response in the Cloud
In this sixth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we offer three recommendations that you can quickly roll out to help you expedite, prioritize and fine-tune how you detect and respond to cloud security issues.
The dynamic, distributed and fast-changing nature of cloud environments makes it imperative for organizations to have a streamlined and swift process for detecting and responding to cloud security issues.
Failure to promptly and effectively respond to cloud security findings can quickly lead to major breaches that threaten your organization’s sensitive data, business operations, regulatory compliance, and more.
As the “SANS 2024 Detection and Response Survey” shows, cloud detection and response is a priority for organizations. The report, based on a survey of almost 400 cybersecurity professionals – including incident response handlers, security analysts, security managers and security directors – found that:
- 53% of respondents planned to adopt more advanced cloud-native security tools.
- 52% were looking to integrate artificial intelligence and machine learning for enhanced threat detection and response.
- 71% planned to boost training for security teams on cloud-specific threats.
In this blog, we offer you three ways to accelerate your response in the cloud. Our recommendations are meant to get you started with a “quick win” that only takes minutes and that can serve as the foundation for implementing best practices with a broader scope.
Read on to get the details on these three tips:
- Sketch out owners for different categories of cloud security findings.
- Think about your most sensitive cloud resources and the types of security findings that – if they affected these resources – would merit a response.
- Set up notifications alerting the appropriate teams about these security findings via messaging tools or ticketing solutions.
A key to responding swiftly to cloud security issues is knowing, in the heat of the moment, who to go to for particular assets.
For a quick win, think about the people who make up your security team and the roles they play in areas such as identity and access management (IAM); DevSecOps; governance, risk and compliance; and vulnerability management. Then sketch out these key owners.
If you need to jog your memory, think through different ways your organization might best assign ownership, including:
- By specific cloud accounts or groups of accounts
- By specific types and categories of findings, such as IAM-related issues
- By assigning owners to clusters of resources that belong to a specific project
By documenting the teams that own specific categories of cloud security findings, you pave the way for decisive and quick responses to cloud security issues.
Handpick a couple of sensitive resources and their critical issues
Having sketched out some of the ownership of security findings, you want to think about one or two of your most sensitive resources and identify which issues impacting them would warrant firing off an alert. The idea here is to set up one or two alerts for issues whose high severity would be obvious, such as suspicious changes to the permissions of an S3 bucket that holds data for your company's payment processing infrastructure. By thinking through this, you will be prioritizing the one or two issues that pose the greatest risk to your cloud environment’s “crown jewels.”
Once you have your rough list of sensitive resources, some critical issues you might be interested in would be:
- Changes being made to sensitive security groups
- Changes to the configuration of critical storage buckets
- Changes to access permissions from internal or external networks
By taking time to think through what your most critical cloud resources are, you will be on a path to proactively applying stronger safeguards and controls to them, thereby reducing the risk they’ll be breached.
Set up notifications via messaging tools or ticketing solutions
Once you’ve sketched out the key responsibilities across your organization, as well as the critical resources and the critical issues impacting them, the final quick action you can take is to start setting up a few alerts around these connections.
You don’t need to set up every possible critical alert right now, but starting with one or two of the most critical alerts will give you good momentum to embark on a more comprehensive project later on. If possible, consider integrating your alerting system with a corporate messaging tool, like Slack or Microsoft Teams. This will offer you an effective way to make these notifications timely and actionable. If you have a bit more time, it’s very valuable to integrate this type of notification into your ticketing system or security information and event management (SIEM) system.
How Tenable can help
There are different ways in which our Tenable Cloud Security cloud native application protection platform (CNAPP) can help you streamline and automate the three recommendations we’ve outlined in this blog for accelerating your response to cloud security findings.
First, Tenable Cloud Security allows you to assign custom properties and labels that can be applied to resources to add context for risk assessment. These have many uses, and many Tenable customers leverage this capability to tag different resources with their owners.
Tenable Cloud Security offers policy templates that provide a flexible way of defining exactly which resources you want to monitor, how, and for what.
And — of course — Tenable Cloud Security can tie all this together so you can quickly send notifications to resource owners about detected issues that are within their scope of responsibilities. Whichever way your team and your stakeholders work, Tenable Cloud Security can integrate your alerts there with the ability to send alerts and reports to recipients via Slack, Teams, email, Jira, ServiceNow, Datadog, Splunk, QRadar, Sumo Logic and Telegram, as well as to many others via webhooks.
Find out how you can take action to speed up and fine-tune your cloud detection and response, as well as your overall multi-cloud security in just five minutes.
Learn more:
- “Stronger Cloud Security in Five: The Importance of Cloud Configuration Security”
- “Stronger Cloud Security in Five: How To Protect Your Cloud Workloads”
- “Stronger Cloud Security in Five: Securing Your Cloud Identities”
- “Stronger Cloud Security in Five: How DSPM Helps You Discover, Classify and Secure All Your Data Assets”
- “Stronger Cloud Security in Five: 3 Quick Ways to Improve Kubernetes Security in GCP”
Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities
A comprehensive new study reveals the sophisticated architecture behind Russia’s externalized cyber warfare strategy, exposing how the Kremlin systematically exploits private companies, hacktivist collectives, and cybercriminal groups to enhance its digital offensive capabilities while maintaining plausible deniability. The research demonstrates that Russia’s cyber outsourcing model emerged from the chaotic post-Soviet collapse of 1991, when institutional […]
The post Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities appeared first on Cyber Security News.
US Revives Nuclear Communications Channel: Two Ciphers, Dozens of Questions and Not a Single Answer
Atlassian security advisory (AV25-355)
CVE-2025-5310 | Dover Fueling Solutions ProGauge MagLink LX consoles Target Communication Framework Interface missing authentication (icsa-25-168-05)
CVE-2025-6201 | Pixel Manager for WooCommerce Plugin up to 1.49.0 on WordPress Shortcode cross site scripting
CVE-2025-45786 | Real Estate Management 1.0 /store/index.php cross site scripting (EUVD-2025-18643)
CVE-2025-49015 | Couchbase .NET SDK up to 3.7.0 TLS Certificate Validation certificate validation (EUVD-2025-18625)
CVE-2025-45784 | D-Link DPH-400S SE VoIP Phone 1.01 PROVIS_USER_PASSWORD sensitive information
CVE-2025-46157 | EfroTech Time Trax 1.0 File Attachment unrestricted upload (EUVD-2025-18626)
CVE-2025-45661 | miniTCG 1.3.1 /members/edit.php ID cross site scripting (EUVD-2025-18628)
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to protect all AWS root users’ accounts with multi-factor authentication.
AWS Shield network security director (Preview)
AWS Shield, the managed DDoS protection service that protects applications running on AWS, is gaining the ability to pinpoint network issues …
The post AWS launches new cloud security features appeared first on Help Net Security.
PLA Rapidly Deploys AI Technology Across Military Intelligence Operations
China’s People’s Liberation Army has accelerated its integration of generative artificial intelligence across military intelligence operations, marking a significant shift in how the world’s largest military force approaches data collection, analysis, and strategic decision-making. This technological transformation represents the PLA’s recognition that traditional intelligence methods can no longer adequately identify threats and opportunities in an […]
The post PLA Rapidly Deploys AI Technology Across Military Intelligence Operations appeared first on Cyber Security News.
AI Now Generates Majority of Spam and Malicious Emails
Microbe Found to Have Virus-Like Characteristics
Microsoft Defender for Office 365 to Block Email Bombing Attacks
Microsoft has announced a new security capability within its Defender for Office 365 suite aimed at combating the growing threat of email bombing attacks. The feature, officially labeled “Mail Bombing Detection,” will automatically identify and quarantine high-volume email flooding campaigns that attempt to overwhelm user inboxes or obscure legitimate messages. This technology enhancement will be […]
The post Microsoft Defender for Office 365 to Block Email Bombing Attacks appeared first on Cyber Security News.