Mona Thaker @ Microsoft Security Blog
References: Microsoft Security Blog, Wiz Blog | RSS feed
Microsoft and Wiz have both been recognized as Leaders in the 2025 IDC MarketScape for Cloud-Native Application Protection Platforms (CNAPP). This recognition underscores the growing importance of CNAPP solutions as organizations grapple with securing increasingly complex cloud environments. The IDC MarketScape assesses vendors based on their capabilities and strategic vision, providing guidance for security leaders seeking to replace fragmented point tools with a unified approach to cloud security. Both Microsoft and Wiz have demonstrated a strong commitment to innovation and customer success in cloud security.
The IDC MarketScape emphasizes that selecting a CNAPP vendor involves more than consolidating tools. It highlights the importance of seamless integration with existing security infrastructure and the ability to improve overall security posture. Key considerations include robust monitoring and reporting on cloud security posture, runtime, and application security. Microsoft's recognition stems from its comprehensive, AI-powered, and integrated security solutions for multicloud environments; Wiz is likewise recognized for its commitment to customer success across cloud security. Microsoft Defender for Cloud was specifically lauded for providing visibility into cloud attacks across the entire environment, from endpoints to exposed identities. The platform's holistic approach examines attack vectors both inside and outside the cloud, integrating pre-breach posture graphs with live incidents for exposure risk assessment. Additionally, Microsoft was recognized for its detailed threat analytics, which combine information from various sources to build complete attack paths and support threat prioritization. Customers also highlighted the strong partnership with Microsoft, noting dedicated support and consulting for optimal product use.
CISA @ Alerts
References: www.cybersecuritydive.com, Tenable Blog
Tenable's 2025 Cloud Security Risk Report has revealed a concerning trend: a significant percentage of public cloud storage resources are exposing sensitive data. The study found that nearly one in ten publicly accessible cloud storage resources contains sensitive information, including Personally Identifiable Information (PII), Intellectual Property (IP), Payment Card Industry (PCI) data, and Protected Health Information (PHI). Worryingly, 97% of this exposed data is classified as restricted or confidential. This highlights the ongoing challenge organizations face in properly securing their cloud environments despite increased awareness of cloud security risks.
Researchers found that misconfigured access settings and overly permissive policies are major contributing factors to these exposures. For instance, more than half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions, and a significant share of Google Cloud Platform (GCP) Cloud Run and Microsoft Azure Logic Apps workflows embed secrets in the same way. Tenable emphasizes the need for automated data discovery and classification, elimination of public access by default, enterprise-grade secrets management, and identity-intelligent Cloud Security Posture Management (CSPM) to mitigate these risks. While the report highlights the risks from insecure cloud configurations, it also points to some positive developments. The number of organizations with "toxic cloud trilogies" (workloads that are publicly exposed, critically vulnerable, and highly privileged) has declined from 38% to 29% over the past year. However, this still represents a substantial risk. Tenable stresses that exposed secrets and sensitive data are systemic risks that must be eliminated to prevent data exfiltration and environment takeover, noting that attackers typically exploit public access, steal embedded secrets, or abuse overprivileged identities to compromise cloud environments.
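The ECS task definition finding above is easy to check for yourself. The following is an added example (not code from Tenable or AWS) that scans the JSON shape returned by `aws ecs describe-task-definition` for credentials inlined as environment variables, and shows the corrected pattern, where the container receives the value from Secrets Manager or SSM Parameter Store through the `secrets` block. The task definitions, account ID, role names and secret ARN are constructed for the example; the access key ID is AWS's documented placeholder key.

```python
"""Scan an ECS task definition for plaintext secrets in environment variables.

Added example, not from the Tenable report or AWS. Operates on the
"taskDefinition" object returned by `aws ecs describe-task-definition`.
The sample definitions below are constructed for this example.
"""
import re

# Value patterns that are unambiguous credential material.
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
}
# Variable names that conventionally carry credentials (heuristic: review hits manually).
SENSITIVE_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_KEY|PRIVATE_KEY|ACCESS_KEY", re.I)
# Only Secrets Manager and SSM Parameter Store may back an ECS `secrets` entry.
ALLOWED_SECRET_ARN = re.compile(r"^arn:aws:(secretsmanager|ssm):[a-z0-9-]+:\d{12}:")


def find_plaintext_secrets(task_definition):
    """Return one finding per environment variable that looks like a secret."""
    findings = []
    for container in task_definition.get("containerDefinitions", []):
        for env in container.get("environment", []):
            name = env.get("name", "")
            value = str(env.get("value", ""))
            reasons = [label for label, pat in VALUE_PATTERNS.items() if pat.search(value)]
            if SENSITIVE_NAME.search(name):
                reasons.append("sensitive_name")
            if reasons:
                findings.append({"container": container.get("name"), "variable": name, "reasons": reasons})
    return findings


def find_bad_secret_references(task_definition):
    """Return `secrets` entries whose valueFrom is not a Secrets Manager or SSM ARN."""
    bad = []
    for container in task_definition.get("containerDefinitions", []):
        for secret in container.get("secrets", []):
            if not ALLOWED_SECRET_ARN.match(str(secret.get("valueFrom", ""))):
                bad.append({"container": container.get("name"), "variable": secret.get("name")})
    return bad


# Constructed insecure definition: credentials inlined as environment variables,
# visible to anyone with ecs:DescribeTaskDefinition.
INSECURE_TASK_DEF = {
    "family": "api",
    "containerDefinitions": [{
        "name": "api",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:1.0",
        "environment": [
            {"name": "LOG_LEVEL", "value": "info"},
            {"name": "DB_PASSWORD", "value": "hunter2"},
            # AWS's documented example key ID, used here as a constructed value.
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
        ],
    }],
}

# Corrected definition: ECS injects DB_PASSWORD at task start from Secrets
# Manager (the execution role needs secretsmanager:GetSecretValue on that ARN),
# and the static IAM user key is replaced by the task role's temporary credentials.
SECURE_TASK_DEF = {
    "family": "api",
    "taskRoleArn": "arn:aws:iam::123456789012:role/api-task",
    "executionRoleArn": "arn:aws:iam::123456789012:role/api-execution",
    "containerDefinitions": [{
        "name": "api",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:1.0",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [
            {"name": "DB_PASSWORD",
             "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password-AbCdEf"},
        ],
    }],
}

if __name__ == "__main__":
    for finding in find_plaintext_secrets(INSECURE_TASK_DEF):
        print("plaintext secret:", finding)
    print("secure definition findings:", find_plaintext_secrets(SECURE_TASK_DEF),
          find_bad_secret_references(SECURE_TASK_DEF))
```

Name-based hits are a heuristic and will produce the occasional false positive (for example a `TOKEN_ISSUER_URL`), so treat them as review candidates; value-pattern hits are reliable. To audit a real account, iterate `aws ecs list-task-definitions` and feed each `describe-task-definition` result to `find_plaintext_secrets`.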
Cloud Security Alliance
Amazon Web Services (AWS) is expanding the active defense capabilities it applies on behalf of customers. AWS operates internal active defense systems such as MadPot (a global network of honeypots), Mithra (a domain graph neural network), and Sonaris (which applies network-level mitigations). These systems are continuously improved to detect and help prevent attacks involving malware, software vulnerabilities, and AWS resource misconfigurations, and customers benefit automatically through the AWS network. AWS also identifies, tracks, and disrupts threat infrastructure by analyzing network traffic logs, honeypot interactions, and malware samples.
CrowdStrike and AWS have joined forces to simplify security incident response for cloud environments. The collaboration includes a new managed service integrated directly into the AWS console, intended to make incident response faster and easier and to streamline handling of security threats and breaches within cloud infrastructure. The partnership addresses the growing need for streamlined security management in complex cloud environments.
1Password and AWS have formed a strategic alliance to enhance the security of AI and cloud environments for enterprises. The collaboration focuses on AI-era security tools that protect unmanaged devices and applications, addressing what 1Password calls the "Access-Trust Gap." Contracts sold through AWS average four times larger than typical deals, with win rates exceeding 50 percent. 1Password, traditionally a consumer-focused password manager, has grown into an enterprise security platform serving one-third of Fortune 100 companies, driven by increasing demand for tools that can monitor and control AI agents and unauthorized applications.
TIGR Threat @ Security Risk Advisors
Cisco has issued a critical security advisory regarding a vulnerability, CVE-2025-20286, in its Identity Services Engine (ISE) when deployed on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This static credential flaw enables unauthenticated remote attackers to potentially access sensitive data, perform limited administrative actions, modify system configurations, or disrupt services. The vulnerability stems from improperly generated credentials during cloud deployments, resulting in multiple ISE deployments sharing the same static credentials, provided they are on the same software release and cloud platform.
Exploitation of CVE-2025-20286 could allow attackers to extract user credentials from one Cisco ISE cloud deployment and use them to access other ISE instances in other cloud environments over unsecured ports. This could lead to unauthorized access to sensitive data, execution of limited administrative operations, changes to system configurations, or service disruption. Cisco's Product Security Incident Response Team (PSIRT) has confirmed that a proof-of-concept (PoC) exploit exists, though there is no evidence of active exploitation in the wild. The vulnerability affects Cisco ISE versions 3.1, 3.2, 3.3, and 3.4 on AWS, and versions 3.2, 3.3, and 3.4 on Azure and OCI. Cisco emphasizes that only deployments where the Primary Administration node is hosted in the cloud are affected; on-premises deployments are not. There are no official workarounds, but Cisco recommends restricting traffic to authorized administrators or running the "application reset-config ise" command to regenerate user passwords; note that this command reinitializes the ISE configuration, so take a configuration backup before running it. Cisco has released security patches for the flaw and urges customers to update promptly.
Wiz Blog | RSS feed
A widespread cryptojacking campaign is targeting misconfigured DevOps infrastructure, including Nomad, Consul, Docker, and Gitea, to illicitly mine Monero cryptocurrency. The attackers, tracked as JINX-0132, are exploiting known misconfigurations and vulnerabilities in publicly accessible web servers to deploy mining software. This campaign marks the first publicly documented instance of Nomad misconfigurations being exploited as an attack vector.
The JINX-0132 group notably avoids bespoke tooling, downloading its tools directly from public GitHub repositories, including standard release builds of XMRig. This "living-off-open-source" approach complicates detection and clustering of its activity. The group abuses insecure configurations and vulnerable software versions to hijack DevOps web servers, targeting HashiCorp Nomad and Consul, the Docker API, and Gitea. Affected Nomad instances can manage hundreds of clients, representing significant compute power. To prevent such attacks, organizations are advised to review their configurations, enable security features such as access control lists (ACLs) for Nomad, and properly configure Consul to prevent unauthorized access and resource use.
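The hardening advice above amounts to a handful of agent settings. The following is an added example (not Wiz's code) that audits Nomad, Consul and Docker daemon configuration for the defaults this kind of campaign relies on: Nomad ships with ACLs off, so anyone who can reach the API (4646/tcp by default) can submit jobs; Consul ships with ACLs off and a default-allow policy, and script health checks let a registered service execute commands on the agent; a Docker daemon listening on TCP without `tlsverify` is an unauthenticated root-equivalent API. Nomad and Consul both accept JSON configuration, so the checks operate on the parsed config as a dict. The weak and hardened configurations are constructed for the example; Gitea is not covered because the page names no specific setting for it.

```python
"""Audit Nomad, Consul and Docker daemon configuration for the settings that
JINX-0132-style cryptojacking relies on. Added example, not Wiz's code.
Sample configurations below are constructed for this example.
"""


def audit_nomad(config):
    """Nomad ACLs are off by default; without them any client can submit jobs."""
    findings = []
    if config.get("acl", {}).get("enabled") is not True:
        findings.append("nomad: acl.enabled is not true (any client can submit jobs)")
    return findings


def audit_consul(config):
    """Consul defaults to no ACLs and default_policy=allow; script checks allow
    command execution via service registration."""
    findings = []
    acl = config.get("acl", {})
    if acl.get("enabled") is not True:
        findings.append("consul: acl.enabled is not true")
    elif acl.get("default_policy", "allow") != "deny":
        findings.append("consul: acl.default_policy is not deny")
    for key in ("enable_script_checks", "enable_local_script_checks"):
        if config.get(key) is True:
            findings.append(f"consul: {key} is true (service registration can run commands)")
    return findings


def audit_docker_daemon(config):
    """A tcp:// listener in daemon.json without tlsverify is an open root API."""
    findings = []
    for host in config.get("hosts", []):
        if host.startswith("tcp://") and config.get("tlsverify") is not True:
            findings.append(f"docker: {host} exposed without tlsverify")
    return findings


def audit_all(nomad, consul, docker):
    return audit_nomad(nomad) + audit_consul(consul) + audit_docker_daemon(docker)


# Constructed weak configurations: shipped defaults plus a public Docker listener.
WEAK = {
    "nomad": {"datacenter": "dc1", "server": {"enabled": True}},
    "consul": {"datacenter": "dc1", "enable_script_checks": True},
    "docker": {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]},
}

# Corrected configurations: ACLs on with deny-by-default, script checks off,
# Docker reachable only over the local socket (or over TCP with tlsverify
# and a CA/cert/key set, which the check also accepts).
HARDENED = {
    "nomad": {"datacenter": "dc1", "server": {"enabled": True}, "acl": {"enabled": True}},
    "consul": {
        "datacenter": "dc1",
        "acl": {"enabled": True, "default_policy": "deny", "enable_token_persistence": True},
        "enable_script_checks": False,
        "enable_local_script_checks": False,
    },
    "docker": {"hosts": ["unix:///var/run/docker.sock"]},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_all(cfg["nomad"], cfg["consul"], cfg["docker"]))
```

Turning on `acl.enabled` is only the first step: Nomad and Consul then need their ACL system bootstrapped (`nomad acl bootstrap`, `consul acl bootstrap`) and tokens issued to the clients and CI jobs that legitimately submit work, otherwise they lose access while the API remains reachable. Restricting the API ports at the network layer to trusted ranges is a worthwhile second control regardless of the ACL state.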