InfoSecBulletin Cybersecurity for mankind
The NSA and CISA have released five bulletins on securing a cloud environment. Cloud services are very popular for businesses because they offer managed servers, storage, and applications without the need to manage their own infrastructure.
Many enterprise application developers now offer both on-premise and cloud-hosted versions of their services. This helps corporate admins by relieving them of some responsibilities.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).
Use Secure Cloud Identity and Access Management Practices
Use Secure Cloud Key Management Practices
Implement Network Segmentation and Encryption in Cloud Environments
Secure Data in the Cloud
Mitigate Risks from Managed Service Providers in Cloud Environments
Review CISA and NSA recommendations and apply their suggestions to enhance cloud security. For more details on cloud security best practices, visit CISA’s SCuBA Project and TIC pages.
