Using a risk-based approach to deal with policy violations and continuous compliance monitoring will help avoid data exposures and fines.

Public cloud spending and adoption is growing fast. Analysts predict that organizations will spend $591.8 billion on cloud infrastructure and services in 2023, up 20.7% from the year before. In fact, according to Forrester, the public cloud market is projected to reach $1 trillion by 2026, with the majority of spending directed to the big four: Alibaba, Amazon Web Services, Google Cloud, and Microsoft.

So, what's happening? Organizations accelerated their cloud migration during the pandemic and saw huge benefits as cloud services enabled faster innovation, provided elasticity to respond to fluctuating demand, and scaled with growth. Now, there's no turning back, even as the C-suite cuts spending in other areas. Organizations' appetite is particularly large for infrastructure-as-a-service (IaaS), projected to reach $150 billion; and platform-as-a-service (PaaS), anticipated to reach $136 billion in 2023.

Yet all this heady growth, which is thrilling to business strategists and technologists alike, has a dark side. Organizations risk significantly increasing public cloud data risks if they don't take necessary steps to improve its security.

**Shadow Data Is Growing Due to Lax Security Controls**

Multiple factors are contributing to the problem of "shadow data" or unknown, unmanaged public cloud data. Business users are provisioning their own applications, and developers are continually spinning up their own instances to develop and test applications. Many of these services store and use sensitive data that IT and security teams don't know about. Cloud buckets may also store multiple versions of data in the same bucket, a process called versioning, which increases risks if policies aren't configured properly.

As the pace of innovation increases, unmanaged data stores are often forgotten about and abandoned. In addition, sensitive data that is properly secured could be moved or copied to an unsecured environment or rendered vulnerable if third parties or extraneous users are granted excessive access privileges.

To understand just how much sensitive data is out there, Laminar Labs scanned publicly facing cloud storage buckets. We were able to detect personally identifiable information (PII) in 21% of the buckets. The information we uncovered included physical and email addresses, phone numbers, drivers' license numbers, names, loan details, credit scores, and more. As just one example, we discovered a file with contact information, Ethereum and Bitcoin address information, and block card email addresses — all information that could easily be exploited by a hacker.

The majority of this shadow data was misplaced — often placed in a public bucket that became accidentally exposed. In other cases, AWS S3 buckets were misconfigured as public instead of private. Either way, myriad organizations are exposing sensitive data that is completely open to be exfiltrated.

**Three Steps to Better Public Cloud Data Security**

Most security professionals (82%) are aware of — and concerned about — their growing public cloud data security problem. Here's how these experts can move swiftly to mitigate threats:

*   **Discover and classify all cloud data:** A next-generation public cloud data security platform enables teams to auto-discover all their cloud data, not just known or tagged assets. It detects all cloud data holdings in managed and unmanaged assets, virtual instances, shadow data stores, data caches and pipelines, and big data. With this information, the platform builds a comprehensive, consistent data catalog across organizations' multicloud environments. The catalog precisely identifies and classifies all sensitive data, such as PII, personal health information (PHI), and payment card industry (PCI) transaction data.

*   **Secure and control cloud data:** With holistic insights into their sensitive cloud data, security teams can apply and enforce the right security policies and validate data settings against their organization's predetermined guardrails. A public cloud data security platform will reveal outstanding policy violations that can be prioritized in a risk-based manner, based on data sensitivity level, security posture, volume, and exposure.
*   **Remediate risks and monitor activity without interrupting data flow:** Teams can then begin remediating sensitive data without compromising business activity. A public cloud data security platform will prompt teams to apply best practices, such as enabling encryption and limiting third-party access, and practice better data hygiene, by removing unused sensitive data from the environment. This process is called data security posture management and provides recommendations that are tailored to each cloud environment, making them more relevant and effective. In addition, security teams can use the platform to enable continuous data monitoring. By doing so, they can rapidly identify policy violations and ensure public cloud data adheres to the organization's stated security posture and regulations, regardless of where it is stored, used, or moved in the cloud.

**Reduce Public Cloud Data Security Risks Today**

Public cloud data security is too important to be left to chance. In a report we released last year, "State of Public Cloud Data Security, "50% of respondents said their cloud environments had been breached in 2020 and 2021. And of this group, 58% had experienced cloud data leaks or exfiltration.

The best way to protect this valuable data is with a public cloud data security platform that is cloud-native, agentless, asynchronous, and able to scale with data growth. With this resource, IT and security teams can tame the complexity of managing and securing data across multiple vendors and hundreds of services. They can also regain control over sensitive cloud data: applying proper governance, using a risk-based approach to address the areas of greatest concern, and maintaining continuous compliance to avoid data exposures and fines.

Rising Public Cloud Adoption Is Accelerating Shadow Data Risks

Cisco’s acquisition of cloud-native firewall provider Valtix and HPE’s deal to buy SSE provider Axis Security fill gaps in their existing portfolios.

Cloud-native is where the deals are. Last week, Cisco announced a deal to buy Valtix, a startup offering a cloud-native firewall. A few days later, Hewlett Packard Enterprise (HPE) announced its own plans to buy Axis Security, a secure services edge (SSE) provider. Neither company disclosed the terms of the acquisitions, both of which are pending regulatory and shareholder approvals.

Both deals highlight how both companies are interested in cloud-native security capabilities and are filling the gaps in their respective product portfolios. Even so, analysts described both deals as being incremental.

“I see both of these acquisitions primarily as gap fillers,” says Mauricio Sanchez, research director covering network security, SASE, and SD-WAN at Dell’Oro Group. “HPE filled a larger gap by purchasing Axis, while Cisco got some interesting IP.”

**HPE Adds SASE to SD-WAN**

HPE plans to incorporate Axis Security’s SSE capabilities with its existing SD-WAN and network firewall offerings (from its Aruba division) to create a secure access service edge (SASE) offering. SASE provides the function of secure web gateways (SWS), cloud access security brokers (CASB), firewall-as-a-service offerings, and zero-trust network access (ZTNA) tools. Dell’Oro Group forecasts that spending on SSE, which consists of SD-WAN and SASE, will increase fivefold by 2027, when revenues top $60 billion.

HPE Aruba gained its SD-WAN offering to accelerate network connectivity to branch offices with its 2020 acquisition of Silver Peak. But until now, HPE lacked a SASE offering. “If HPE can execute well on that acquisition, it brings them back into the game for a broader SASE play,” says Omdia senior principal analyst Fernando Montenegro.

“With Axis, HPE is now able to say they are an end-to-end SASE vendor versus offering just the networking \[SD-WAN\] piece,” adds Sanchez. “The security element is where the action and money are, so by getting Axis, HPE can double their SAM \[served available market\] in one go.”

However, Axis is a small company with a limited market share, Sanchez warns. “HPE got the technology solution but not the market share,” he says. “They will have to battle it out with the large goliaths, like Zscaler and Palo Alto.”

Sanchez thinks HPE will steer midsize enterprises toward Axis.

**Cisco Will Build a Cloud-Native Firewall**

As for Cisco, Valtix engineers will join the networking giant’s Security Business Group, “where they will work closely to integrate into our Security Cloud portfolio and accelerate our path to delivering a seamless experience in securing workloads across multi-cloud environments,” said Raj Chopra, senior VP and the group’s chief product officer, in a blog post.

The Valtix position is that virtual appliances are not well-suited for multicloud and hybrid environments, a sentiment shared by Omdia’s Montenegro.

“The challenge with deploying virtual firewalls in cloud environments is they don’t integrate as well with the rest of the clouds,” Montenegro says. “You want your network security component, the firewall, to understand how elastic your underlying environment is and to potentially do more than a traditional firewall, which is what Valtix is bringing to Cisco.”

Valtix’s advantage over virtual appliances is that it offers automated orchestration and provides visibility by supporting the integration of cloud provider APIs, the company says. It centralizes and consolidates network security by provisioning distributed enforcement points across Microsoft Azure, Amazon Web Services, Google Cloud Platform and Oracle Cloud Infrastructure. Valtix also offers a web application firewall (WAF), which Valtix says can protect cloud workloads, and it provides low-latency TLS decryption at scale.

Dell’Oro Group’s Sanchez views the Valtix deal as more of an acquisition of intellectual property rather than a “fully baked, market-competitive solution.” Sanchez says that Cisco is behind some of its competitors, such as Palo Alto Networks and Zscaler, in providing a cloud-native security offering.

“Palo Alto, as Cisco’s archnemesis in network security, has successfully monetized both virtual cloud firewalls as well as injecting themselves into the CNAPP market with Prisma Cloud,” he says. “Cisco has been largely on the sidelines. Cisco has a lot of catch up to do, and Valtix does help it incrementally. However, they need to do more, whether it be stitching the various products, like AppDynamics, Tetration, Kenna, together with Valtix to have a go at the CNAPP market, or leverage Valtix to invigorate Firepower \[Cisco’s next generation firewall — NGFW — line) to finally give Palo a run for its money in the cloud.”

Tech Giants Go Cloud-Native Shopping

Categories: Threat Intelligence
A network of online video streaming sites are monetizing traffic with hidden ads. The problem? Advertisers are throwing up to a million dollars every month down the drain as nobody is even seeing the ads.



(Read more...)




The post DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation appeared first on Malwarebytes Labs.

DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation

By Waqas
An old version of the Shein app was found to be accessing and copying clipboard content on Android devices before being detected and reported by Microsoft to Google.
This is a post from HackRead.com Read the original post: Microsoft Found Shein App Copying Clipboard Content on Android Phones

****The app was found to send the contents of the clipboard to a remote server if a particular pattern was present, though it is not clear whether there was any malicious intent behind the behaviour.****

Shein, the Chinese online fashion retailer, has come under scrutiny once again, after an old version of its mobile app was found to be accessing the contents of Android device clipboards.

The was discovered by Microsoft, whose Threat Intelligence Team collaborated with Google’s Android Security Team to ensure that the behaviour was removed from the app.

The app was found to send the contents of the clipboard to a remote server if a particular pattern was present, though it is not clear whether there was any malicious intent behind the behaviour. As a result of the disclosure, Google reportedly recognized the risks associated with clipboard access and made improvements to the Android OS.

Shein reportedly removed the behaviour from the application in May 2022, according to the Microsoft advisory. However, the incident has raised concerns about threats targeting clipboards that have already been spotted in the wild.

Shein is the latest Chinese app to be scrutinized by researchers for potentially shady behaviour. Last year, **as reported by Hackread.com**, TikTok’s in-app browser was identified as a potential threat, capable of monitoring user activity on external websites.

These threats can put any copied and pasted information at risk of being stolen or modified by attackers, including sensitive information such as passwords, financial details, and **cryptocurrency wallet addresses**.

To protect against these threats, security researchers recommend users always keep apps up to date and never install apps from untrusted sources. They also suggest removing applications with unexpected behaviours, such as clipboard access toast notifications, and reporting the behaviour to the vendor or app store operator.

Microsoft’s **blog post** also suggests that “Users can protect themselves by watching out for the clipboard access message. If the message unexpectedly shows, they should assume that any data on the clipboard has been potentially compromised, and they should consider removing any applications that make suspicious clipboard accesses.”

The incident comes months after Shein’s holding company, Zoetop, **was fined** $1.9m (£1.69m) for failing to properly inform 32 million customers of a data breach.

It is likely to further damage the retailer’s reputation, which has already **faced criticism** over its fast fashion practices and working conditions in its factories.

As more consumers become aware of the risks associated with mobile app security, retailers and app developers will need to take greater responsibility for protecting user data and privacy.

1.  **TikTokers promoted adware apps**
2.  **US Military Bans TikTok over privacy concerns**
3.  **iOS14 exposed LinkedIn copying users’ keystrokes**
4.  **Chinese hackers aim at Group-IB Cybersecurity firm**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Microsoft Found Shein App Copying Clipboard Content on Android Phones

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1234

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1230

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1236

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1232

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

**Chrome Releases**

Release updates from the Chrome team

CVE-2023-1235: Stable Channel Update for Desktop

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Tag

#google