May 6
[Some Interesting] Cloud ‘n Sec news: 06th May 22
What’s worth your reading time
Cloud
Management
15 ways to ensure cloud migration is a success
Forbes published an article discussing 15 ways to make sure you’re migration to the cloud is successful. Check out the article in full.
The 15 tips were raised from their Panel of experts, as they state:
There are many reasons businesses fail to achieve the full value of a move to the cloud, ranging from unforeseen costs and responsibilities to leaving valuable services and capabilities on the table. If your business is contemplating or beginning migration to the cloud, make sure you achieve the maximum potential value of the move by following the tips shared below by members of Forbes Technology Council.
GCP
Google Cloud has been on the news since a security vendor mentioned a dangerous feature that could be leveraged maliciously to exploit virtual machines in the platform.
The report from techtarget says:
Cloud incident response vendor Mitiga discovered the misconfiguration a few months ago while researching Google Cloud Platform’s (GCP) Compute Engine, specifically its virtual machine (VM) service. The company discovered a misconfiguration that could allow threat actors to transmit and receive data from VMs and possibly gain complete control of the system.
Read more in the link above.
Security
Industry
Password day
On password day, celebrated by the infosec community (is it really?) on the 5th of may, it was announced a partnership
And perhaps that is what should be celebrated really, the developments to make passwords obsolete.
Microsoft wrote a thorough post on the subject.
Docker Image to stop Russians in Ukraine?
According to bleeping computer’s report, pro Ukranian hacktivists have created docker containers that DoS russian services. The article reads:
Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country’s IT Army.
The practice is ill advised, naturally, as pointed out in the article:
Deploying these DDoS attacks may attract retaliatory action from pro-Russia hackers, which could lead to lengthy and damaging service disruption.
Pro-Ukraine hackers use Docker images to DDoS Russian sites (bleepingcomputer.com)
Extra: PowerShell tracking registry changes
A recent update to PowerShell makes it registry change’s smart. According to reports from Bleeping computer:
As Windows updates, application installs, setting changes, and malware constantly makes changes to the Windows registry, this mode would allow you to quickly spot what was changed, allowing you to diagnose issues, remove malicious entries, and see what settings have been changed.
Benefit comparing the Registry keys is still a helpful tool that admins can automate to better troubleshoot problems on devices they manage.
