[Some Interesting] Cloud ‘n Sec news: 06th May 22

What’s worth your reading time

Cloud

Management

15 ways to ensure cloud migration is a success

Forbes published an article discussing 15 ways to make sure you’re migration to the cloud is successful. Check out the article in full.

The 15 tips were raised from their Panel of experts, as they state:

There are many reasons businesses fail to achieve the full value of a move to the cloud, ranging from unforeseen costs and responsibilities to leaving valuable services and capabilities on the table. If your business is contemplating or beginning migration to the cloud, make sure you achieve the maximum potential value of the move by following the tips shared below by members of Forbes Technology Council.

GCP

Google Cloud has been on the news since a security vendor mentioned a dangerous feature that could be leveraged maliciously to exploit virtual machines in the platform.

The report from techtarget says:

Cloud incident response vendor Mitiga discovered the misconfiguration a few months ago while researching Google Cloud Platform’s (GCP) Compute Engine, specifically its virtual machine (VM) service. The company discovered a misconfiguration that could allow threat actors to transmit and receive data from VMs and possibly gain complete control of the system.

Read more in the link above.

Security

Industry

Password day

On password day, celebrated by the infosec community (is it really?) on the 5th of may, it was announced a partnership

And perhaps that is what should be celebrated really, the developments to make passwords obsolete.

Microsoft wrote a thorough post on the subject.

Docker Image to stop Russians in Ukraine?

According to bleeping computer’s report, pro Ukranian hacktivists have created docker containers that DoS russian services. The article reads:

Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country’s IT Army.

The practice is ill advised, naturally, as pointed out in the article:

Deploying these DDoS attacks may attract retaliatory action from pro-Russia hackers, which could lead to lengthy and damaging service disruption.

Pro-Ukraine hackers use Docker images to DDoS Russian sites (bleepingcomputer.com)

Extra: PowerShell tracking registry changes

A recent update to PowerShell makes it registry change’s smart. According to reports from Bleeping computer:

As Windows updates, application installs, setting changes, and malware constantly makes changes to the Windows registry, this mode would allow you to quickly spot what was changed, allowing you to diagnose issues, remove malicious entries, and see what settings have been changed.

Benefit comparing the Registry keys is still a helpful tool that admins can automate to better troubleshoot problems on devices they manage.

Learn more about my Cloud and Security Projects on the Web, Podcast , Youtube.

Thank you for reading and leave your thoughts/comments!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andre Camillo

Andre Camillo

Cloud and Security technologies, Career, sometimes Music and Gaming easter eggs. Technical Specialist @Microsoft. Opinions are my own.