InfoSecBulletin Cybersecurity for mankind
The NSA released a list of ten recommended security strategies for cloud customers. The advisory, published on March 7, 2024, includes ten strategies for cloud security, identity and access management, data security practices, and network segmentation.
CISA supported the NSA with six out of ten strategies for cybersecurity and infrastructure security in the US.
IBM and Veeam Release Patches in AIX System and Backup
WhatsApp patched zero-click flaw exploited in spyware attacks
CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild
11 state hackers exploit new Windows zero-day since 2017
Hackers Exploit ChatGPT with CVE-2024-27564
(CVE-2024-540385)
CVSS 10 Alert! HPE Cray Vulnerability Authentication Bypass Threat
CVE-2025-24813
Apache Tomcat Flaw Exploited In The Wild
B1nary_Band1ts secure first for “MIST CyberTron 2025”
CVE-2025-24016
Critical RCE vulnerability affects Wazuh
AWS SNS misused for Data Exfiltration and Phishing
The top 10 cloud security mitigation strategies are:
* Uphold the Cloud Shared Responsibility Model
* Use Secure Cloud Identity and Access Management Practices
* Use Secure Cloud Key Management Practices
* Implement Network Segmentation and Encryption in Cloud Environments
* Secure Data in the Cloud
* Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
* Enforce Secure Automated Deployment Practices through Infrastructure as Code
* Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments
* Mitigate Risks from Managed Service Providers in Cloud Environments
* Manage Cloud Logs for Effective Threat Hunting
* Each strategy comes with an additional cybersecurity information sheet detailing how to implement it.
The sheets offer recommended steps and best practices from the NSA and CISA for cloud security, along with links for further details and resources.
