[Some Interesting] Cloud ‘n Sec news: 20th May 22

What’s worth your reading time

Cloud

Azure

Microsoft announces European cloud Principles

Microsoft’s President and Vice Chair, Brad Smith, announced in an official Microsoft blog post the following:

(..) creating new benefits for customers that European Cloud Providers can build upon to deliver new solutions to those customers. This initiative will apply across Europe, including the United Kingdom. It will have several pieces.

The blog post goes in details about what this means for European Cloud Providers, but this is a move to:

support a healthy competitive environment and the role that trusted local providers play in meeting customers’ technology needs.

Be sure to read the blog for more information.

GCP

AMD announces GCP as chosen Provider for Chip Design Workloads

According to the article by PRN:

Google Cloud and AMD today announced a technology partnership in which AMD will run electronic design automation (EDA) for its chip-design workloads on Google Cloud, further extending the on-premises capabilities of AMD data centers. AMD will also leverage Google Cloud’s global networking, storage, artificial intelligence, and machine learning capabilities to further improve upon its hybrid and multicloud strategy for these EDA workloads.

Industry

An interesting article on Cloud Security Architecture

And tips on how to Architect Cloud Security — worth reading sometime I know I will soon: A Cloud Security Architect’s To-Do List (datacenterknowledge.com)

Security

Industry

RSA Conference 2022 about to start

On the 24th may, one of the largest security conferences of the year will start. There are a number of good examples of what are the trends expected at the event.

The “7 layers” podcast has covered the trends this week, have a listen:7 Layers | Podcast on Spotify

Threats

Watch out where you buy NFTs from

Fake Pixelmon NFT site was caught infecting users with malware that steals their cryptocurrency wallets.

Newsoutlets reported:

To take advantage of this interest, threat actors have copied the legitimate pixelmon.club website and created a fake version at pixelmon[.]pw to distribute malware.

This site is almost a replica of the legitimate site, but instead of offering a demo of the project’s game, the malicious site offers executables that install password-stealing malware on a device.

For details on how the attack was executed, check out the report from the link.

Forms data may be leaked to third parties even before you press enter

This is alarming, most users assume that when filling in forms on the web, their data is not shared until they press enter, however, a study in the top 100k ranking websites has found that this is not always true. About 3% of all tested site share info to third parties even before you click enter.

Bleeping computer reported:

The study was conducted by university researchers who used a crawler based on DuckDuckGo’s Tracker Radar Collector tool to monitor exfiltration activities.

The results have been summed up on this webpage, while the researchers also published the detailed technical paper for those who want to dive deeper.

The crawler was equipped with a pre-trained machine-learning classifier that detected email and password fields and intercepted script access to those fields.

Be sure to check out the article and the study from the links above.

Attacks

Espionage campaign against Diplomat uncovered

A very sophisticated and well crafted attack against a Jordanian Diplomat was uncovered by Fortinet’s research team.

The attack included advanced anti-detection and anti-analysis techniques.

The report from bleeping computer reads:

Security researchers at Fortinet have gathered evidence and artifacts from the attack in May 2022 and compiled a technical report to highlight APT34’s latest techniques and methods.

The report from Fortinet can be found online.

Learn more about my Cloud and Security Projects: Andre Camillo | Linktree

Thank you for reading and leave your thoughts/comments!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store