CyberSecurity news

FlagThis - #cloudsecurity

Mona Thaker@Microsoft Security Blog //

Microsoft is Leader in CNAPP for Cloud Security - Microsoft and Wiz are recognized as leaders in the 2025 IDC MarketScape for Cloud-Native Application Protection Platforms (CNAPP), highlighting the growing importance of CNAPP solutions for securing complex cloud environments.
Microsoft and Wiz have both been recognized as Leaders in the 2025 IDC MarketScape for Cloud-Native Application Protection Platforms (CNAPP). This recognition underscores the growing importance of CNAPP solutions as organizations grapple with securing increasingly complex cloud environments. The IDC MarketScape assesses vendors based on their capabilities and strategic vision, providing guidance for security leaders seeking to replace fragmented point tools with a unified approach to cloud security. Both Microsoft and Wiz have demonstrated a strong commitment to innovation and customer success in cloud security.

The IDC MarketScape emphasizes that selecting a CNAPP vendor involves more than just consolidating tools. It highlights the importance of seamless integration with existing security infrastructure and the ability to enhance the overall security posture. Key considerations include robust monitoring and reporting on cloud security posture, runtime, and application security. Microsoft's recognition stems from its comprehensive, AI-powered, and integrated security solutions for multicloud environments. Wiz is also committed to customer success across cloud security.

Microsoft's Defender for Cloud was specifically lauded for providing visibility into cloud attacks across the entire environment, from endpoints to exposed identities. The platform's holistic approach examines attack vectors both inside and outside the cloud, integrating pre-breach posture graphs with live incidents for exposure risk assessment. Additionally, Microsoft was recognized for its detailed threat analytics, which combines information from various sources to create comprehensive attack paths and facilitate threat prioritization. Customers also highlighted the strong partnership with Microsoft, noting dedicated support and consulting for optimal product use.

Recommended read:
References :
  • Microsoft Security Blog: Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers
  • Wiz Blog | RSS feed: Wiz Recognized as a Leader in the 2025 IDC MarketScape for CNAPP
  • AI News: The cloud-native application protection platform (CNAPP) market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published 2025 IDC MarketScape for Worldwide CNAPP, Microsoft has been recognized as a Leader, reaffirming its commitment to delivering comprehensive, AI-powered, and integrated security solutions for multicloud environments.
CISA@Alerts //

Tenable Exposes Critical Cloud Data Exposure Risks - Tenable’s Cloud Security Risk Report 2025 reveals that a significant percentage of public cloud storage resources contain sensitive data, emphasizing the need for automated data discovery and classification.
Tenable's 2025 Cloud Security Risk Report has revealed a concerning trend: a significant percentage of public cloud storage resources are exposing sensitive data. The study found that nearly one in ten publicly accessible cloud storage buckets contain sensitive information, including Personally Identifiable Information (PII), Intellectual Property (IP), Payment Card Industry (PCI) data, and Protected Health Information (PHI). Worryingly, 97% of this exposed data is classified as restricted or confidential. This highlights the ongoing challenge organizations face in properly securing their cloud environments despite increased awareness of cloud security risks.

Researchers found that misconfigured access settings and overly permissive policies are major contributing factors to these exposures. For instance, more than half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions. Similarly, a significant portion of Google Cloud Platform (GCP) Cloud Run and Microsoft Azure Logic Apps workflows are also exposed. Tenable emphasizes the need for automated data discovery and classification, elimination of public access by default, enterprise-grade secrets management, and identity-intelligent Cloud Security Posture Management (CSPM) to mitigate these risks.

While the report highlights the risks from insecure cloud configurations, it also points to some positive developments. The number of organizations with "toxic cloud trilogies" – workloads that are publicly exposed, critically vulnerable, and highly privileged – has declined from 38% to 29% over the past year. However, this still represents a substantial risk. Tenable stresses that exposed secrets and sensitive data are systemic risks that must be eliminated to prevent data exfiltration and environment takeover, emphasizing that attackers often exploit public access, steal embedded secrets, or abuse overprivileged identities to compromise cloud environments.

Recommended read:
References :
  • www.cybersecuritydive.com: Cloud storage buckets leaking secret data despite security improvements
  • Tenable Blog: Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds
  • www.itpro.com: Tenable report shows that organizations are failing to configure storage effectively – and may have a false sense of security
@Cloud Security Alliance //

AWS Enhances Active Defense and Simplifies Security - AWS is enhancing its active defense mechanisms using systems like MadPot, Mithra, and Sonaris; CrowdStrike and AWS are collaborating on incident response solutions; 1Password and AWS are joining forces to bolster AI and cloud security for enterprises.
Amazon Web Services (AWS) is actively enhancing its security measures to empower customers with robust active defense capabilities. AWS utilizes internal active defense systems like MadPot, which are global honeypots, Mithra, a domain graph neural network, and Sonaris, which handles network mitigations. These systems are continuously improving to detect and help prevent attacks related to malware, software vulnerabilities, and AWS resource misconfigurations, benefiting customers automatically through the AWS network. AWS also employs strategies to identify, track, and disrupt threat infrastructure by analyzing network traffic logs, honeypot interactions, and malware samples.

CrowdStrike and AWS have joined forces to simplify security incident response for cloud environments. This collaboration includes launching a new managed service integrated directly into the AWS console, aiming to provide seamless security operations. The integration is designed to enable faster and easier incident response, allowing for more efficient handling of security threats and breaches within cloud infrastructures. This partnership seeks to address the growing need for streamlined security management in complex cloud environments.

1Password and AWS have formed a strategic alliance to enhance the security of AI and cloud environments for enterprises. This collaboration focuses on providing AI-era security tools to protect unmanaged devices and applications, addressing the "Access-Trust Gap." Contracts sold through AWS average four times larger than typical deals, with win rates exceeding 50 percent. 1Password, traditionally a consumer-focused password manager, has transformed into an enterprise security platform serving one-third of Fortune 100 companies, driven by the increasing demand for security tools capable of monitoring and controlling AI agents and unauthorized applications.

Recommended read:
References :
  • AWS Security Blog: How AWS improves active defense to empower customers
  • venturebeat.com: 1Password and AWS join forces to secure AI, cloud environments for the enterprise
  • Tony Bradley: CrowdStrike And AWS Join Forces To Simplify Security Incident Response
  • AWS Security Blog: How AWS is simplifying security at scale: Four keys to faster innovation from AWS re:Inforce 2025
TIGR Threat@Security Risk Advisors //

Critical Flaw in Cisco ISE Impacts Cloud Deployments - Cisco addressed a critical vulnerability in its Identity Services Engine (ISE) impacting cloud deployments on AWS, Azure, and Oracle Cloud Infrastructure, allowing unauthenticated remote attackers access.
Cisco has issued a critical security advisory regarding a vulnerability, CVE-2025-20286, in its Identity Services Engine (ISE) when deployed on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This static credential flaw enables unauthenticated remote attackers to potentially access sensitive data, perform limited administrative actions, modify system configurations, or disrupt services. The vulnerability stems from improperly generated credentials during cloud deployments, resulting in multiple ISE deployments sharing the same static credentials, provided they are on the same software release and cloud platform.

Exploitation of CVE-2025-20286 could allow attackers to extract user credentials from a compromised Cisco ISE cloud deployment and utilize them to access other ISE instances in different cloud environments via unsecured ports. This could lead to unauthorized access to sensitive data, execution of limited administrative operations, changes to system configurations, or service disruptions. Cisco's Product Security Incident Response Team (PSIRT) has confirmed the existence of a proof-of-concept (PoC) exploit for this vulnerability, though there is no evidence of active exploitation in the wild.

The vulnerability impacts specific versions of Cisco ISE, affecting versions 3.1, 3.2, 3.3, and 3.4 on AWS, and versions 3.2, 3.3, and 3.4 on Azure and OCI. Cisco emphasizes that this vulnerability only affects deployments where the Primary Administration node is hosted in the cloud; on-premises deployments are not affected. While there are no official workarounds, Cisco recommends restricting traffic to authorized administrators or using the "application reset-config ise" command to reset user passwords. The company has released security patches to address the flaw and urges users to update their systems promptly.

Recommended read:
References :
  • Cyber Security News: Cisco Alerts on ISE Vulnerability Exposing Sensitive Data with Available PoC Exploit
  • Security Affairs: Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions.
  • The Hacker News: Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
  • Security Risk Advisors: Static credential flaw (CVE-2025-20286) in #Cisco ISE cloud deployments enables unauthorized access across AWS, Azure, and OCI.
  • SOC Prime Blog: A critical vulnerability in Cisco’s Identity Services Engine (ISE) enables unauthenticated remote attackers to retrieve sensitive information and perform administrative actions across various cloud environments upon exploitation.
  • Arctic Wolf: CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability
  • arcticwolf.com: On 4 June 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most severe issue, CVE-2025-20286, affects cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
  • sec.cloudapps.cisco.com: Static credential flaw (CVE-2025-20286) in #Cisco ISE cloud deployments enables unauthorized access across AWS, Azure, and OCI.
  • socprime.com: A critical vulnerability in Cisco’s Identity Services Engine (ISE) enables unauthenticated remote attackers to retrieve sensitive information and perform administrative actions across various cloud environments upon exploitation.
  • www.techradar.com: Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know
  • arcticwolf.com: CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability
  • www.itpro.com: Cisco patches critical flaw affecting Identity Services Engine
  • Arctic Wolf: CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability
  • Blog: How to find Cisco Identity Services Engine (ISE) installations
  • www.scworld.com: Cisco patches Identity Services Engine flaw affecting AWS, Azure, OCI
@Wiz Blog | RSS feed //

Cryptojacking Exploits Misconfigured DevOps Infrastructure APIs - A widespread cryptojacking campaign is exploiting misconfigured DevOps infrastructure like Nomad, Consul, Docker, and Gitea to mine Monero, advising organizations to review configurations.
A widespread cryptojacking campaign is targeting misconfigured DevOps infrastructure, including Nomad, Consul, Docker, and Gitea, to illicitly mine Monero cryptocurrency. The attackers, tracked as JINX-0132, are exploiting known misconfigurations and vulnerabilities in publicly accessible web servers to deploy mining software. This campaign marks the first publicly documented instance of Nomad misconfigurations being exploited as an attack vector.

The JINX-0132 group uniquely avoids traditional identifiers, downloading tools directly from public GitHub repositories, including standard release versions of XMRig. This "living-off-open-source" approach complicates detection and clustering of their activities. They abuse insecure configurations and vulnerable software versions to hijack DevOps web servers.

HashiCorp Nomad and Consul, Docker API, and Gitea servers are being targeted. Affected Nomad instances can manage hundreds of clients, representing significant compute power. To prevent such attacks, organizations are advised to review their configurations, activate security features like access control lists (ACLs) for Nomad, and properly configure Consul to prevent unauthorized access and resource utilization.

Recommended read:
References :

Posts

Blogs

Research Tools