The recent data loss incident involving UniSuper, a major financial player and Google Cloud serves as a reminder of the importance of implementing robust backup and disaster recovery solutions. Let’s delve into the details of the incident and explore why backups are essential for safeguarding against data disasters.

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

Law firms are in a precarious position when it comes to cyber risk. These organizations are tasked with storing large amounts of sensitive information — from corporate finances to client data to intellectual property (IP) — and, as such, are finding themselves in the crosshairs of threat actors.

According to Gartner, the global market for cloud infrastructure services increased by 30% in 2022, exceeding $100 billion for the first time. AWS and Azure account for almost two-thirds of this figure. While many organizations benefit from these platforms, the popularity of the cloud can also present significant security challenges.

Privilege escalation in AWS refers to the unauthorized elevation of user privileges within the AWS environment, allowing users to access resources and perform actions beyond their intended level of permissions. This security risk would arise in case the attackers utilize the vulnerabilities or misconfigurations in AWS services, IAM policies, or access controls to take up privileges above the current level.

The AWS Snow Family is a service offering designed to assist customers in leveraging Amazon Web Services (AWS) closer to where their data is generated, primarily in sites where internet connection may not be viable. When used, clients can run applications with minimal delay and comply with data storage location requirements. The Snow Family includes Snowball Edge and Snowcone, which are designed for two main purposes: running applications in harsh conditions and moving data from remote places to AWS.

The Rolling Stones wanted to protect their space; we, as security practitioners, need to protect ours. Data 'castles' in the cloud are out there, and they're constantly under siege. By drawing inspiration from a band that embodied personal freedom, we can draw some – okay, very stretched - parallels to modern cloud security. Nonetheless, they work. And we all knew this blog was coming. And if you read the blog backward you can hear the name of the latest malware family... Maybe.

There’s currently a cybersecurity adage with varying verbiage and claimed origins – the point, however, is unmistakable.