September 15, 2021

fwd:cloudsec conference this week, Vulnerabilities discovered in AWS - Cloud Security News

3 minutes

Cloud Security News this week - 15 September 2021

Oracle Chief Technology Officer and co-founder Larry Ellison told their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers. Amazon Web Services and Microsoft lead the market with Alibaba and Google as the next closest competitors.

The research team at Wiz has recently discovered four vulnerabilities in the little-known software agent called Open Management Infrastructure (OMI) that is embedded in many popular Azure services.When customers sets up a Linux virtual machine in their cloud, the OMI agent is deployed automatically when they enable certain Azure services. Without a patch, attackers can easily exploit these four vulnerabilities to escalate root or highest privileges and remotely execute malicious code. Microsoft has issued a patch to address this during their Patch Tuesday release on 14 September 2021

Last year at the Reinvent Conference Amazon unveiled Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere. Last week they announced the general availability of Amazon EKS Anywhere. It's a deployment option for Amazon EKS that enables you to easily create and operate Kubernetes clusters on premises using VMware sphere. Fully supported by AWS, Amazon EKS will enable users to automate cluster management, reduce support costs and provide the ability to view all their Kubernetes clusters, running anywhere.

Tenable, best known for their IT vulnerability management, has agreed to acquire cloud-native security startup Accurics Inc. for $160 million. Accurics, founded in 2019, states that their platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. Traditionally, Tenable vulnerability management covers physical and virtual infrastructure , they made a few acquisitions in the last 2 years to extend their coverage to cloud and container in an attempt to to provide full coverage across risk identification and mitigation.

fwd:cloudsec hosted their cloud security conference this week in-person and streamed live. fwd:cloudsec is a non-profit, conference on cloud security. You can view the entire conference on you tube or on their website ww.fwdcloudsec.org for discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies. This one is definitely a must attend for all things cloud security

...more