Seguridad Mania.com - España y América Latina
Portal sobre tecnologías para la seguridad física
- Destacamos »
- software Anti Blanqueo
PR Newswire
SAN JOSE, Calif., March 29, 2022
Insecure configurations put small businesses at increased risk and Log4j-based malware attacks persist
SAN JOSE, Calif., March 29, 2022 /PRNewswire/ -- Lacework®, the data-driven cloud security company, today released the third volume of its Cloud Threat Report, a semi-annual accounting of the ongoing cybersecurity threats impacting the cloud. Conducted over a six month period, the Cloud Threat Report found threat actors are broadening the scope of their efforts to gain illicit access to cloud data and resources. In addition to increased targeting of cloud platforms beyond AWS, Microsoft Azure, and Google Cloud, malicious actors are rapidly adapting new attacks to target organizations in the cloud. As world governments issue warnings over the increasing cybercrime threat, the report's findings highlight some of the most common threats businesses should protect against.
Small businesses in particular are at risk from cloud access brokers, who sell access to cloud accounts online. According to the report, 78 percent of SMBs observed by the Lacework Labs team had compliance violations within their cloud infrastructure, opening the door for attackers to gain initial access, escalate privileges, and impact protected data.
"Threat actors continue to show sophistication as they create and adapt new attacks to compromise the cloud," said James Condon, Director of Research, Lacework. "Organizations moving more data to cloud infrastructure need to be just as nimble, employing security best practices and modern tools with continuous monitoring to stay ahead of cybercriminals and keep critical information safe."
This third installment of the Cloud Threat Report highlights four key areas of cloud security: cloud security posture, vulnerabilities and software supply chain, runtime threats and linux malware, and proactive defense and intelligence. Based on anonymized data across the Lacework platform from September 2021 - February 2022, the report found:
The Lacework Labs team also examined issues around compliance, exposed Docker APIs and malicious containers, and additional vulnerabilities within the software supply chain. A full copy of the report and the executive summary can be found here.
Based on the findings of this report, Lacework Labs recommends that defenders evaluate security infrastructure against industry best practices and implement proactive defense and intelligence tools with active vulnerability monitoring like the Polygraph® Data Platform. The Lacework Labs team has put together several resource guides organizations can use to set up canary tokens, honeypots, and other proactive tools on the Lacework blog.
Additional Resources:
About Lacework
Lacework is the data-driven security company for the cloud. The Lacework Polygraph Data Platform automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization's AWS, Microsoft Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer, and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, Tiger Global Management, Counterpoint Global (Morgan Stanley), Franklin Templeton, Durable Capital, GV, General Catalyst, XN, Coatue, Dragoneer, Liberty Global Ventures, and Snowflake Ventures, among others. Get started at www.lacework.com.
Contact: Inkhouse PR, Danielle Vincent, lacework@inkhouse.com
Publicamos interesante Informe de más de 48 págs y varios videos demostrativos sobre los posibles ataques a los robots de montaje de las fábricas. ... Leer más ►
Publicado el 22-Jun-2017 • 10.48hs
Publicado el 20-Jun-2017 • 20.22hs
Dirigido tanto a los principiantes, como a los expertos en seguridad informática y sistemas de control industrial (ICS), este libro ayudará a los lectores a comprender mejor la protección de normas de control interno de las amenazas electrónicas. ... Leer más ►
Publicado el 3-Ene-2012 • 20.16hs
Publicado el 25-Set-2009 • 01.26hs
Publicado el 17-Dic-2008 • 08.32hs