Last Week in Cloud Security — July 18
July 11 — July 18
Vulnerabilities and Case Studies
Snowflake Account Attacks Driven by Exposed Legitimate Credentials
Credential management gets a boost with the latest infostealers’ extortion campaign built on info stolen from cloud storage systems.
Kubernetes Exposed: Exploiting the Kubelet API
Kubelet API is a vital component in Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams may utilize the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while enabling anonymous unauthenticated requests can lead to severe security implications, including unauthorized access and potential data breaches.
Kubernetes
Understanding Kubernetes Identities, Part 1
When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks.
Worth Knowing
Why the AT&T breach matters — and how to respond
In the latest major cybersecurity incident, AT&T has revealed a significant data breach affecting nearly all its wireless customers. The breach, which involves call data records (CDRs) from May 1, 2022, to October 31, 2022, and a limited set from January 2, 2023, has far-reaching implications for both individuals and organizations. The compromised data includes source and destination numbers, and for some, cell site information that can offer a rough geolocation of the AT&T customer.
What are the Current Trends in Cloud Technology?
In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.
Unprecedented: Cloud Giants, Feds Team on Unified Security Intelligence
The Cloud Safe Task Force aims to unite the US government and cloud service providers, like Amazon, Google, IBM, Microsoft, and Oracle, to provide a “National Cyber Feed”: a continuous threat-monitoring tool for federal agencies.
Your Feedback
Thanks for reading! We’ll be happy to get your claps 👏 or any feedback in the comments below.