Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cloud Computing. Show all posts

Nvidia Unveils Latest AI Chip, Promising 30x Faster Performance

 

Nvidia, a dominant force in the semiconductor industry, has once again raised the bar with its latest unveiling of the B200 "Blackwell" chip. Promising an astonishing 30 times faster performance than its predecessor, this cutting-edge AI chip represents a significant leap forward in computational capabilities. The announcement was made at Nvidia's annual developer conference, where CEO Jensen Huang showcased not only the groundbreaking new chip but also a suite of innovative software tools designed to enhance system efficiency and streamline AI integration for businesses. 

The excitement surrounding the conference was palpable, with attendees likening the atmosphere to the early days of tech presentations by industry visionaries like Steve Jobs. Bob O'Donnell from Technalysis Research, who was present at the event, remarked, "the buzz was in the air," underscoring the anticipation and enthusiasm for Nvidia's latest innovations. 

One of the key highlights of the conference was Nvidia's collaboration with major tech giants such as Amazon, Google, Microsoft, and OpenAI, all of whom expressed keen interest in leveraging the capabilities of the new B200 chip for their cloud-computing services and AI initiatives. With an 80% market share and a track record of delivering cutting-edge solutions, Nvidia aims to solidify its position as a leader in the AI space. 

In addition to the B200 chip, Nvidia also announced plans for a new line of chips tailored for automotive applications. These chips will enable functionalities like in-vehicle chatbots, further expanding the scope of AI integration in the automotive industry. Chinese electric vehicle manufacturers BYD and Xpeng have already signed up to incorporate Nvidia's new chips into their vehicles, signalling strong industry endorsement. 

Furthermore, Nvidia demonstrated its commitment to advancing robotics technology by introducing a series of chips specifically designed for humanoid robots. This move underscores the company's versatility and its role in shaping the future of AI-powered innovations across various sectors. Founded in 1993, Nvidia initially gained recognition for its graphics processing chips, particularly in the gaming industry. 

However, its strategic investments in machine learning capabilities have propelled it to the forefront of the AI revolution. Despite facing increasing competition from rivals like AMD and Intel, Nvidia remains a dominant force in the market, capitalizing on the rapid expansion of AI-driven technologies. As the demand for AI solutions continues to soar, Nvidia's latest advancements position it as a key player in driving innovation and shaping the trajectory of AI adoption in the business world. With its track record of delivering high-performance chips and cutting-edge software tools, Nvidia is poised to capitalize on the myriad opportunities presented by the burgeoning AI market.

Escalating Global Threats Targeting Cloud Infrastructure

 

Cloud computing's quick uptake has fundamentally changed how businesses manage and keep their data. However, as cloud environments become more and more popular, an alarming increase in cyber threats targeting them has also occurred. The sophistication of attacks on clouds is rising globally, according to recent studies and industry publications, illuminating the changing character of cyber threats.

According to a comprehensive global study on cybersecurity, the sophistication of attacks on clouds has witnessed a notable surge. The report emphasizes the need for enhanced security measures to counter these evolving threats. One of the key findings reveals that India, a major player in the IT industry, has experienced a significant increase in cloud-related cyber incidents. This highlights the urgency for organizations to prioritize their cloud security strategies to safeguard sensitive data.

Thales Data Threat Report's analysis highlights the threat's escalating severity. The biggest reasons of cloud data breaches on a worldwide scale, according to the research, are an increase in ransomware assaults and human mistakes. Organizations must deploy strong security measures to safeguard their cloud assets since fraudsters are using more sophisticated approaches. Ensuring the security, integrity, and availability of data is crucial as cloud-based services increasingly permeate company operations.

Experts caution that a proactive and multi-layered strategy for cybersecurity is necessary in light of these growing risks in cloud platforms. Traditional security measures alone are no longer sufficient. To effectively manage threats, organizations must use cutting-edge technologies and create a thorough security strategy. The importance of data security and encryption techniques, which are essential for securing cloud-stored data, is also emphasized in the paper.

The necessity for stronger security measures is also stressed by a research report on the worldwide cybersecurity business. In order to counter the increasingly complex nature of cyber threats, the research emphasizes the rising demand for cybersecurity solutions and services. It shows that businesses in a range of industries are putting more money into cutting-edge security tools to safeguard their cloud infrastructure and fend off complex threats.

Industry experts stress the value of keeping up with the most recent security trends and implementing preventative security measures in light of these findings. To inform employees of the possible hazards involved with cloud-based operations, organizations must emphasize security awareness training. Strong access controls, frequent vulnerability scans, and the use of threat intelligence tools are essential elements in enhancing cloud security.

Organizations must continue to be cautious and aggressive in their cybersecurity efforts as cloud threats' sophistication continues to rise internationally. Protecting cloud environments against developing cyber threats requires putting in place a thorough security strategy, utilizing cutting-edge technology, and promoting a culture of security awareness.



GAO Urges Federal Agencies to Implement Key Cloud Security Practices

The Government Accountability Office (GAO) has called on federal agencies to fully implement essential cloud security practices in order to enhance their cybersecurity posture. In a recent report, the GAO highlighted the importance of adopting and adhering to these practices to mitigate risks associated with cloud computing.

According to the GAO, four federal departments have not fully implemented cloud security practices, which puts their systems and data at increased vulnerability. The report emphasizes that addressing these shortcomings is critical for ensuring the confidentiality, integrity, and availability of sensitive information stored in the cloud.

Cloud computing offers numerous benefits to federal agencies, including increased efficiency, scalability, and cost-effectiveness. However, it also introduces unique cybersecurity challenges that must be addressed proactively. The GAO report outlines several key security practices that agencies should prioritize to strengthen their cloud security posture.

One of the primary recommendations is to implement strong identity and access management controls. This involves ensuring that only authorized individuals have access to sensitive data and systems and that user privileges are properly managed and monitored. By implementing multi-factor authentication and robust user access controls, agencies can significantly reduce the risk of unauthorized access.

Another crucial aspect highlighted by the GAO is the need for comprehensive data protection measures. This includes encrypting sensitive data both at rest and in transit, implementing secure data backup and recovery processes, and regularly testing the effectiveness of these measures. By employing encryption and backup protocols, agencies can minimize the impact of data breaches or system failures.

Additionally, the GAO emphasizes the importance of monitoring and logging activities within cloud environments. By implementing robust logging mechanisms and real-time monitoring tools, agencies can detect and respond to security incidents promptly. This enables them to identify unauthorized access attempts, suspicious activities, and potential vulnerabilities that could be exploited by attackers.

The GAO report further highlights the significance of training and awareness programs for agency personnel. It recommends providing comprehensive cybersecurity training to employees, ensuring they are aware of potential threats, best practices, and their role in maintaining a secure cloud environment. Regular training and awareness initiatives can help strengthen the overall security culture within agencies.

The GAO study concludes by serving as a reminder to government agencies of the significance of fully implementing important cloud security measures. Agencies can dramatically improve their cybersecurity posture in the cloud by giving priority to identity and access control, data protection, monitoring, and training. Federal agencies must act quickly on these recommendations and set aside the necessary funds to guarantee the integrity and security of their cloud-based systems and data.

The Rising Popularity of Remote Browser Isolation

Browser Isolation

The Importance of Browser Isolation in a Remote Work Environment

The COVID-19 pandemic has caused a seismic shift in the way we work, with remote work becoming the norm for many organizations. While this has brought numerous benefits, it has also presented new security challenges. In response, companies have turned to remote browser isolation as a solution. 

According to the "Innovation Insight for Remote Browser Isolation" report by Menlo Security, remote browser isolation is a rapidly evolving technology that is gaining popularity due to its ability to provide a secure browsing experience. In this blog, we will explore some of the key findings of this report and examine the growing importance of remote browser isolation in today's business landscape.

Amit Jain, who holds the position of Senior Director of Product Management at Zscaler, a cloud-based security company, suggests that due to the increasing number of remote employees utilizing cloud services, browser isolation has become essential in safeguarding both corporate cloud services and the employee's device.

He says, "For modern enterprises, the Internet is now the corporate network. This shift has enabled workers to work from anywhere while being able to access the information they need for their jobs through cloud-based apps and private apps via the Web, while this has provided maximum flexibility to workers, it has also significantly expanded the attack surface and has the potential to expose data."

Key Trends in Remote Browser Isolation: An Analysis of Menlo Security's Report

1. Growing Popularity of Remote Browser Isolation: It is quickly gaining traction as a key security technology, with many organizations recognizing its ability to protect against web-based threats.

2. Increased Need for Scalable Solutions: As more companies adopt remote work policies, the need for scalable remote browser isolation solutions has become more pressing. Many companies are exploring cloud-based solutions to meet this need.

3. The Importance of User Experience: Despite its security benefits, remote browser isolation can be challenging to implement in a way that provides a seamless user experience. The report highlights the importance of user experience in driving the adoption and suggests that solutions that prioritize ease of use are likely to gain traction.

4. New Threats and Attack Vectors: As with any security technology, remote browser isolation is not immune to evolving threats and attack vectors. The report discusses some of the emerging threats that remote browser isolation must contend with and suggests that ongoing innovation in this space will be critical in order to stay ahead of attackers.

5. Integration with Other Security Technologies: Remote browser isolation is most effective when integrated with other security technologies such as secure web gateways and endpoint security solutions. 

Browser Isolation Solutions: Will companies isolate?

Gartner says, "By 2022, 25% of enterprises will adopt browser isolation techniques for some high-risk users and use cases, up from less than 1% in 2017. By effectively isolating endpoints from browser-executable code, attacks that compromise end-user systems will be reduced by 70%, while eliminating the need to detect or identify malware."

Larger companies operating in regulated industries have tended to adopt remote browser isolation due to its ease of deployment and its physical air gap, which provides an additional layer of security. 

Small and medium-sized enterprises tend to opt for local browser isolation technology due to its flexibility. As expected, vendors have varying opinions on whether standalone or integrated solutions are preferable.

Mr. Jain from Zscaler said "The technology should be fully integrated into the zero trust platform providing threat protection for all Web activity and preventing data loss from sanctioned SaaS and corporate private apps. Moreover, HTML smuggling [and other] attacks can be better thwarted by an architecture which involves a tighter combination of browser isolation and sandbox technologies."

As cloud usage has increased, browser isolation has become even more important. Cloud services are often accessed through web browsers, and if a user's device is compromised, the sensitive data stored in the cloud is also at risk. However, using browser isolation significantly reduces the risk of a data breach.

Mark Guntrip, senior director at Menlo Security, said "It's not the fact of what we do — it's the fact that we do it without interfering with that digital experience of the end user." So they can interact with whatever they want. They can click on whatever they want, but we hold anything that's active away from them"



 Massive DDoS Attack was Thwarted by Cloudflare

 

Prioritized firms like gaming providers, hosting providers, cloud computing platforms, and cryptocurrency enterprises, according to Cloudflare, emanated from more than 30,000 IP addresses.
The greatest volumetric distributed denial-of-service (DDoS) attack that Cloudflare has seen to date was stopped.

The greatest attack, which is the largest documented HTTP DDoS attack, topped 71 million rps, per Cloudlare's analysis. The volume is 35% greater than the previous record, 45 million rps from June 2022, which had been recorded.

The FBI accused six suspects of their involvement in running 'Booter' or 'Stresser' platforms, which anybody can use to execute DDoS attacks, in response to this stream of continuously escalating attacks, and seized dozens of Internet domains. Operation PowerOFF, a larger, more coordinated worldwide law enforcement operation against DDoS-for-hire services, included the action.

Cloudflare has been collaborating with the victims to strike down the botnet and is providing service providers with a free botnet threat feed that will transmit threat intelligence from their IP and any ongoing attacks coming from their hosted autonomous system.

Researchers cautioned entities to take action immediately before the next campaign: protecting against DDoS attacks is crucial for organizations of all sizes, even while DDoS attacks on non-critical websites might not result in permanent harm or safety hazards. DDoS attacks against internet-facing equipment and patient-connect technology in the healthcare industry put patients' safety at risk.



An In-Depth Exploration Of Cloud Hacking And Its Methods

 


Regardless of the size of a business or industry, cloud computing practices are becoming an increasingly popular IT practice among companies. It is a technological process that provides different services through the Internet on an on-demand basis. The resources involved in this process are various kinds of tools and applications, including software, servers, databases, networking, and data storage. It has become the most common threat in the industry because cloud hacking has become more popular due to its growing popularity.

Cloud computing, by using the Internet to store files, offers the possibility of saving files to a remote database instead of a proprietary hard drive or a local storage device. If an electronic device has access to the internet, it can access the data on the web and the software program that runs the data. This is as long as it has internet access.

It has therefore become the preferred option for both people and businesses for several reasons, including cost savings, increased productivity, speed and efficiency, performance, and security. 

As cloud computing is growing more and more popular, it is hardly surprising that the cloud is a target for hackers, the threat of cyber-hacking has seen a rapid increase following the widespread adoption of cloud computing. 

Cloud computing resources must be integrated into a company's cybersecurity strategy as an integral part of the defense against cybercrime to bolster the company's defenses. Using ethical hackers to scan cloud computing environments for vulnerabilities will allow businesses to maintain the highest degree of security. This will enable them to patch any security flaws before the attackers can exploit them.

How Does Ethical Hacking Work in Cloud Computing?


Because the choices for cloud computing are so diverse, cloud computing is now being used in some form or another by 98 percent of companies. Cloud services are often perceived as more secure than their counterparts, although they have their own set of problems when it comes to cloud hacking. 

In the wake of the exponential rise of cyberattacks on cloud-based applications, businesses need to find trusted security experts who can fix vulnerabilities and close any holes that could lead to attackers entering their systems through these channels.

It is important to protect cloud computing resources from security vulnerabilities in ethical hacking, just as it is essential to protect any other part of the information technology system. In terms of ethical hacking, there are many hats that ethical hackers wear when it comes to cloud computing. A major part of what ethical hackers do in cloud computing is identify security weaknesses and vulnerabilities in the computing infrastructure for organizations. This is being done to strengthen the security of the cloud service.


The Types of Cloud Computing: What Are They?


It is imperative to know that there are several different types of cloud computing that you can select according to your requirements. As a first step to classifying cloud services, you should start by determining where the cloud services are physically located:

Cloud services that are available to the general public are often called public cloud services because they are hosted and provided by third parties.

Private clouds are the cloud services available only to private individuals who want to use them for personal purposes.  Depending on their needs, they can either be hosted by the company itself or by a third-party service provider.

Alternatively, we can say that the customer uses a hybrid cloud strategy, in which the customer uses both public and private cloud services, for e.g., he uses a public cloud application and a private cloud database to store sensitive data.

Ethical hackers should familiarize themselves with the following cloud computing offerings as examples of how they can make use of the internet:

There is a common misconception regarding what Software as a Service means. Software as a service (SaaS) means that the cloud provider is responsible for updating and maintaining the software applications for the customer. The use of SaaS for business purposes includes the use of productivity applications such as Microsoft Office 365 as a common example.

'PaaS' stands for the platform as a service, and it provides customers with the ability to develop and run applications on a platform to that they have access. There are several examples of cloud computing services available, such as Microsoft Azure and Google App Engine.

As the name suggests, Infrastructure as a Service (IaaS) offers its customers access to hardware resources, such as computing, memory, storage, and networks through a subscription-based service. It should be noted, however, that customers have to provide their software that runs on the infrastructure.

Cloud hacking methodology: Essentials


Following the explanation of “What is cloud hacking?” and “What is cloud exploitation?" we will examine the methodology of cloud hacking. These are some examples of the kinds of attacks that ethical hackers must be aware of in the world of cloud computing to protect themselves.

Attacks using brute force, a brute-force attack is the easiest way to break into a cloud-based service, which involves trying several different combinations of usernames and passwords to see which one works. After gaining access to the system, adversaries can proceed to wreak havoc on the system and exfiltrate data from the cloud the same way they can do with any other kind of attacker.

Phishing is a different strategy than brute force attacks. This is because it impersonates a trusted third party to steal credentials from users by impersonating that third party. This is a more sophisticated kind of attack where the message is tailored to a particular individual consisting of data that is very specific.

A credential stuffing attack is one in which employees at an organization reuse their usernames and passwords across multiple services within their company. This puts the company at risk of being the victim of a credential-stuffing attack. An adversary can verify whether or not a list of user credentials stolen from a previous attack is a valid account on a different IT system. This is done by browsing through its database containing the stolen credentials.

As the cloud computing industry moves further towards the advancement of cloud computing, ethical hackers play an active role in the process. There have been an increasing number of cyberattacks on cloud infrastructure over the past few years. Ethical hacking is a key factor in making sure all businesses of any size and in any sector have appropriate defenses in place.

Researchers Discovered a Vulnerability in Microsoft Azure's Cosmos DB

 

According to a copy of the email and a cyber security researcher, Microsoft warned thousands of its cloud computing customers, including some of the world's largest organizations, that intruders might read, update, or even delete their major databases. Researchers uncovered a "serious" vulnerability in Cosmos DB, a Microsoft Azure flagship database product, that allows an attacker to read, write, and remove data from Cosmos DB customers. 

Microsoft's proprietary database service Cosmos DB was launched in 2017 and is offered through the tech giant's cloud computing platform Azure. Coca-Cola, ExxonMobil, and Schneider Electric are just a few of the world's major organizations that utilize it to manage their data. Many of Microsoft's own programmes, such as Skype, Xbox, and Office, use Cosmos DB. 

Wiz's research team realized it was possible to gain access to keys that controlled access to databases owned by tens of thousands of companies. Ami Luttwak, Wiz's Chief Technology Officer, was previously the CTO of Microsoft's Cloud Security Group. Because Microsoft is unable to alter those keys on its own, consumers were emailed on Thursday and were told to create new ones. According to an email from Microsoft to Wiz, the company promised to pay them $40,000 for discovering and reporting the flaw. 

Wiz, which was founded by ex-Microsoft workers, identified the flaw on August 9, 2021. Three days later, the cybersecurity firm notified Microsoft about the problem. Microsoft's security teams disabled the vulnerable feature within 48 hours, according to Wiz. 

There was no evidence that the flaw had been exploited, according to Microsoft's notification to customers. The email stated, "We have no indication that external entities other than the researcher (Wiz) had access to the primary read-write key."

“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.” Even clients who have not been contacted by Microsoft may have had their keys swiped by attackers, giving them access until their keys are changed, according to Luttwak. 

The flaw was found in Jupyter Notebook, a visualization tool that has been available for years but was only enabled by default in Cosmos in February. 

Microsoft has been plagued by bad security news for months. The same alleged Russian government hackers who entered SolarWinds and stole Microsoft source code broke into the company. Then, while a patch was being created, a large number of hackers got into Exchange email servers.

Researchers Detail the New Two-Step Cryptography Technique

 

The accessibility of computer system resources on-demand, in particular data storage and computational power, without direct active user management is cloud computing. The terminology is commonly used to characterize data centers for several Internet users. Cloud computing has as its primary objective the provision of rapid, simple, cost-effective computing and data stocking services. The cloud environment, however, presents data privacy problems. 

The key method used to strengthen cloud computing security is cryptography. By encrypting the saved or sent data, this mathematical technique protects it, so that only the intended recipient can understand it. Although various encryption techniques exist, though none are properly secured and new technologies are still being sought so that the increasing risks to privacy and security in data are countered. 

With all that in mind, the most important question that arises is “How the two-step cryptography technique works?” 

A group of researchers from Indian and Yemen described the revolutionary two-step cryptographic method – the first to combine genetic technologies with mathematical techniques. This explanatory study by the researchers is published in the International Journal of Intelligent Networks in KeAi. As per the writers of the report, a highly secure and flexible encrypted environment can be created which could trigger a paradigm shift in data secrecy. 

The paper’s corresponding author, Fursan Thabit of Swami Raman and Teerth Marathwada University in India, explains: “Some existing famous ciphers use the Feistel structure for encryption and decryption. Others use the Network SP (Substitution-Permutation). The first level of our encryption uses a logical-mathematical function inspired by a combination of the two. Not only does it improve the complexity of the encryption, but it also increases energy efficiency by reducing the number of encryption rounds required.” 

The second encryption layer by the researcher is influenced by genetic technological structures based on the Central Dogma of Molecular Biology (CDMB). It models the actual genetic code operations (binary to DNA base translations), transcription (DNA to mRNA regeneration), and translation (regeneration from mRNA to protein). 

They are the first to integrate the concepts of DNA, RNA, and genetic engineering for cryptographic matters and the first to merge the genetic encrypting process with mathematics to create a complex key. 

By evaluating the encrypting time, decryption time, output, and length of the ciphertexts produced, the researchers have assessed their novel algorithm robustness. They observed that their suggested algorithm has great safety strength and is extremely versatile compared with several other genetic encryption approaches and existing symmetric key encryption techniques. It takes less time than most other procedures as well. 

However, the algorithm's obvious structure – two layers of encryption that only incorporates four coding rounds - reduces the complexity of computing and processing strength. 

Thabit explains: “That clear structure means each round requires only simple math and a genetics simulation process.”

Data Breach at Digital Oceans Leaves Customer Billing Data Exposed

 

Digital Ocean, a cloud solutions provider, informs certain clients that the billing information they receive may indeed be breached as someone has exploited a flaw inside the central database of the company. 

US - Based Digital Ocean, Inc. is a supplier of cloud computing with global data centers located in New York City. Digital Ocean offers cloud services for developers which help build and scale applications distributed across multiple computers concurrently. 

Digital Ocean stated in an email to clients that the unauthorized access took place between 9th and 22nd April 2021 but was only "confirmed" seemingly on 26 April. 

“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed,” the company told customers. Digital Ocean affirms that only a "small percentage" of its users have been affected and therefore no intervention is necessary. 

The billing information leaked includes the name, address, expiry date of the payment card, last four digits of the payment card, and the name of the bank issuing the card. The organization pointed out that the entire credit card details were not stored as this kind of information was not revealed. 

“According to our logs approximately 1% of billing profiles were impacted,” Tyler Healy, VP of security at Digital Ocean, told Security Week in an emailed statement. “This issue has been fixed and we have informed the impacted users and notified the relevant data protection authorities.”

Over one million programmers from each country in the world use its resources on its web portal added, Digital Ocean. 

Last year the company announced to its customers that some of their information had been disclosed after a document file had been published accidentally, though at that point it was sure that the documentation was not malicious. 

Furthermore, the email reads as “yesterday we learned that a digital ocean owned document from 2018 was unintentionally made available via a public link. This document contained your email addresses and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018. After a detailed review by our security team, we identified it was accessed at least 5 times before the document was taken down.” 

They also affirmed that they will be teaching their employees how to protect customer data, establish new protocols to warn everyone timelier about possible exposures, and make adjustments in specification to avoid future exposure of data.

Over Rs 6 lakh attempted attacks on Mumbai cloud server honeypot

At least 678,013 login attempts were made on Mumbai cloud server honeypot making it the second biggest attack spread over a month, after Ohio, US, honeypot that recorded more than 950,000 login attempts during the same time period, among a total of 10 honeypots placed globally, global cyber security major Sophos said on Wednesday. This demonstrates how cybercriminals are automatically scanning for weak open cloud buckets.

A honeypot is a system intended to mimic likely targets of cyberattackers for security researchers to monitor cybercriminal behaviour. The first login attempt on the Mumbai honeypot was made within 55 minutes and 11 seconds of going live.

On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot. The honeypots were set-up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.

Sophos announced the findings of its report, Exposed: Cyberattacks on Cloud Honeypots.

With businesses across the globe increasingly adopting Cloud technology, the report revealed the extent to which businesses migrating to hybrid and all-Cloud platforms are at risk. It has thus become vital for businesses to ensure compliance and to know what to protect.

“The aggressive speed and scale of attacks on devices demonstrates the use of botnets to target an organisation’s cloud platform. In some instances, it may be a human attacker. However, regardless of this, companies need to set a security strategy to protect what they are putting into the cloud,” said Sunil Sharma, managing director, sales at Sophos (India & SAARC).

However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.

Key features in Sophos Cloud Optix include:

Smart Visibility - Automatic discovery of organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, allowing security teams complete visibility into everything they have in the cloud and to respond and remediate security risks in minutes.

Continuous Cloud Compliance – Keeps up with continually changing compliance regulations and best practices policies by automatically detecting changes to cloud environments in near-time.

AI-Based Monitoring and Analytics - Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behaviour with smart alerts and optional automatic risk remediation

"US’ Giant Military Contract Has a Hitch", Says Deap Ubhi, an Entrepreneur of Indian Descent.





The founder of a local search site “Burrp!”, Deap Ubhi is a lesser known entrepreneur.

He joined Amazon in 2014 and motivated start-ups and other organizations to embrace cloud computing products.

He in less than a couple of years left, on a journey to start a company that furnished technology to restaurants.

Later on, he joined a Pentagon effort to employ techies. He wished to make a super effective search engine and according to what he said, also to help American people.

But as it turns out, Ubhi’s part in the Pentagon has landed him right in midst of one of the most prominent federal IT contracts.

A $10 billion deal of getting cloud computing to Pentagon, attracted the top tech companies when the project was announced in 2017.

Microsoft, Amazon, IBM, Oracle and Google, all wanted to seal the deal in their own ways.



But there was a catch to it all; the contract would go to only ‘one’ cloud vendor. And Amazon happened to close the deal with the capability of fulfilling Pentagon’s demands.

This is where Ubhi came in, especially his ties with Amazon, a place where he now works again.

Oracle, who under no circumstances could have landed the deal, vehemently criticized the one-vendor attitude.

The organization is now fighting in a federal court about Ubhi’s alleged inclination towards Amazon and its effect on the said deal.

Before the suit was filed, Pentagon had no found no suspicious influence of Ubhi and hence kept evaluating the deal despite Oracle’s lawsuit.

Further on, more information about Ubhi was discovered and Pentagon declined a request for disclosing it.

The winner of the deal was to be announced in April. When contacted by Amazon, both Ubhi and Pentagon refused to comment.

Oracle didn’t comment on the issue outside the court but during the proceedings it mentioned Ubhi’s outspoken inclination towards Amazon by providing the proof of a tweet via Ubhi’s handle.

According to the White house press secretary, the president of the US is not a part of this war of the vendors.



President Trump has never been involved in a government contract before so if he as much as even points at something regarding this situation it would be a first.

The cloud contract is being overseen by a Defense Department Procurement Official, commonly known as the Joint Enterprise Defense Infrastructure (JEDI).

The detection of the officials who’s actually chose the winner has not been made yet.

The Pentagon’s transition to cloud computing is being seen to by a team directed by the chief information officer, Dana Deasy.

Cloud computing would contribute a lot in the battlefield and hence the American government is keen on giving the contract to the best.

Reportedly, for some time Ubhi worked on a market research for JEDI while he was working at Pentagon.

Oracle in the court cited the internal documents where Ubhi articulated support towards a single cloud approach.

Oracle also thinks Ubhi had something to do with the decision to select a single cloud provider.



In return, Amazon said that Ubhi worked on JEDI only for seven weeks that too at the early stages and that there were over 70 people involved in the development.

Amazon and Ubhi’s ‘Tablehero’ were to engage in a partnership of which there is no proof as yet. Ubhi hasn’t been replying to the emails of investors either.

Pentagon mentioned that the single cloud would let the movement be faster and ensure more security. This statement was later asserted by the Government Accountability Office.

Both IBM and oracle filed heavy protests against the Government accountability Office which was later denied in Oracle’s case and rejected for IBM.

Oracle, which has a small cloud market shares, then took the issue to the federal courts of the US.

The Oracle lawsuit stands to profit Microsoft as it now has improved capabilities and hence could be a strong competitor to Amazon.

It doesn’t matter whether Ubhi molded the contract. Pentagon’s justifications support its decision to use a single cloud approach.

The major motivation behind the decision has always been helping the defense make better data driven decisions.

Multi-factor authentication bypassed to hack Office 365 & G Suite Cloud accounts



Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor authentication (MFA) according to an analysis by Proofpoint.

As noted by Proofpoint's Information Protection Research Team in a recent report, during a "recent six-month study of major cloud service tenants, Proofpoint researchers observed attackers are targeting legacy protocols with stolen credential dumps to increase the speed and efficiency of the brute force attacks.

Based on Proofpoint study, IMAP is the most abused protocol, IMAP is the protocol that bypasses MFA and lock-out options for failed logins.

This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.

These intelligent new brute force attacks bring a new approach to the traditional normal brute force attack that uses the combination of usernames and passwords.

Based on the Proofpoint analysis of over one hundred thousand unauthorized logins across millions of monitored cloud user-accounts and found that:

▬ 72% of tenants were targeted at least once by threat actors
▬ 40% of tenants had at least one compromised account in their environment
▬ Over 2% of active user-accounts were targeted by malicious actors
▬ 15 out of every 10,000 active user-accounts were successfully breached by attackers

Their analysis unearthed the fact that around 60% of all Microsoft Office 365 and G Suite tenants have been targeted using IMAP-based password-spraying attacks and, as a direct result, approximately 25% of G Suite and Office 365 tenants that were attacked also experienced a successful breach.

On the whole, after crunching down the numbers, Proofpoint reached the conclusion that threat actors managed to reach a surprising 44% success rate when it came to breaching accounts at targeted organizations.

The ultimate aim of the attackers is to launch internal phishing and to have a strong foothold within the organization. Internal phishing attempts are hard to detect when compared to the external ones.

Vulnerabilities in High-Performance Computer Chips; Leading To Failures in Modern Electronics



Researchers from Washington State University found vulnerabilities in the high performance computer chip. They found that the on-chip communication system affects the lifetime of entire computer chip shortening it fundamentally by purposely including the malignant workload.

Apple and Samsung are not far behind as they too have been blamed for misusing the vulnerabilities in their very own hardware and sending software updates that purposefully slow down the prior phone models to urge customers to buy the new products.

Notwithstanding of the past researchers having contemplated the computer chip parts, similar to the processors, the computer memory and circuits for security vulnerabilities still the WSU research team has discovered huge vulnerabilities in the modern communications backbone of the high performance computer chips.

The communication systems are of extreme importance to the high performance computers as they are thusly created to utilize an expansive number of processors and in particular the parallel processing and cloud computing.

Now so as to test the communications systems the researchers have conceived three "cunningly built malicious" attacks. They found that a predetermined number of pivotal vertical links of the communication system were especially 'vulnerable to fail'.

Pande, a researcher of Indian origin who alongside the other researchers found the vulnerabilities in the first place says,
 “We determined how an agent can target the communication system to start malfunctions in the chip.The role of the communications and the threat had not been clear to the research community before.”

The specialists have now begun attempting to create different courses down the lines of automated techniques and algorithms to moderate the issue and to attempt and identify as well as thwart the attacks.