[Some Interesting] Cloud ‘n Sec news: 20th May 22
What’s worth your reading time
Microsoft announces European cloud Principles
Microsoft’s President and Vice Chair, Brad Smith, announced in an official Microsoft blog post the following:
(..) creating new benefits for customers that European Cloud Providers can build upon to deliver new solutions to those customers. This initiative will apply across Europe, including the United Kingdom. It will have several pieces.
The blog post goes in details about what this means for European Cloud Providers, but this is a move to:
support a healthy competitive environment and the role that trusted local providers play in meeting customers’ technology needs.
Be sure to read the blog for more information.
AMD announces GCP as chosen Provider for Chip Design Workloads
According to the article by PRN:
Google Cloud and AMD today announced a technology partnership in which AMD will run electronic design automation (EDA) for its chip-design workloads on Google Cloud, further extending the on-premises capabilities of AMD data centers. AMD will also leverage Google Cloud’s global networking, storage, artificial intelligence, and machine learning capabilities to further improve upon its hybrid and multicloud strategy for these EDA workloads.
An interesting article on Cloud Security Architecture
And tips on how to Architect Cloud Security — worth reading sometime I know I will soon: A Cloud Security Architect’s To-Do List (datacenterknowledge.com)
RSA Conference 2022 about to start
On the 24th may, one of the largest security conferences of the year will start. There are a number of good examples of what are the trends expected at the event.
The “7 layers” podcast has covered the trends this week, have a listen:7 Layers | Podcast on Spotify
Watch out where you buy NFTs from
Fake Pixelmon NFT site was caught infecting users with malware that steals their cryptocurrency wallets.
To take advantage of this interest, threat actors have copied the legitimate pixelmon.club website and created a fake version at pixelmon[.]pw to distribute malware.
This site is almost a replica of the legitimate site, but instead of offering a demo of the project’s game, the malicious site offers executables that install password-stealing malware on a device.
For details on how the attack was executed, check out the report from the link.
Forms data may be leaked to third parties even before you press enter
This is alarming, most users assume that when filling in forms on the web, their data is not shared until they press enter, however, a study in the top 100k ranking websites has found that this is not always true. About 3% of all tested site share info to third parties even before you click enter.
Bleeping computer reported:
The study was conducted by university researchers who used a crawler based on DuckDuckGo’s Tracker Radar Collector tool to monitor exfiltration activities.
The crawler was equipped with a pre-trained machine-learning classifier that detected email and password fields and intercepted script access to those fields.
Be sure to check out the article and the study from the links above.
Espionage campaign against Diplomat uncovered
A very sophisticated and well crafted attack against a Jordanian Diplomat was uncovered by Fortinet’s research team.
The attack included advanced anti-detection and anti-analysis techniques.
Security researchers at Fortinet have gathered evidence and artifacts from the attack in May 2022 and compiled a technical report to highlight APT34’s latest techniques and methods.
The report from Fortinet can be found online.
Learn more about my Cloud and Security Projects: Andre Camillo | Linktree
Thank you for reading and leave your thoughts/comments!