Google invests in Security + Microsoft's Log4Shell Update

Cloud Security News

05-01-2022 • 5 mins

Cloud Security News this week 5 Jan 2022

  • Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this here
  • Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”.  They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog here.
  • Back in 2019 you probably heard about Autom Attack which targeted misconfigured docker APIs to gain network entry to  set up a backdoor on the compromised host to do cryptomining.  This cryptomining campaign has evolved in the last 3 years to improve on their defense evasion tactics to fly under the radar and avoid detection. You can see the blog and their findings here.
  • SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. Security Researcher Aaron Phillips with VPN Overview worked with SEGA Europe to secure the exposed data. You can view the full report here
  • Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. You can read more about the findings here and threatpost report here

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy:

You Might Like

The Morning Brief
The Morning Brief
The Economic Times
ANI Podcast with Smita Prakash
ANI Podcast with Smita Prakash
Asian News International (ANI)
ThePrint
ThePrint
ThePrint
3 Things
3 Things
Express Audio
In Focus by The Hindu
In Focus by The Hindu
The Hindu
FT News Briefing
FT News Briefing
Financial Times
Top of the Morning
Top of the Morning
Mint - HT Smartcast
Economist Podcasts
Economist Podcasts
The Economist
Daybreak
Daybreak
The Ken
HT Daily News Wrap
HT Daily News Wrap
Hindustan Times - HT Smartcast
The Seen and the Unseen - hosted by Amit Varma
The Seen and the Unseen - hosted by Amit Varma
Amit Varma
The Intelligence from The Economist
The Intelligence from The Economist
The Economist
The Journal.
The Journal.
The Wall Street Journal & Gimlet
The Daily
The Daily
The New York Times
Global News Podcast
Global News Podcast
BBC World Service
The Cārvāka Podcast
The Cārvāka Podcast
Kushal Mehra
Serial
Serial
Serial Productions & The New York Times
The Signal Daily
The Signal Daily
The Core Team
WSJ What’s News
WSJ What’s News
The Wall Street Journal
Out Of Focus - MediaOne
Out Of Focus - MediaOne
Mediaone