Blog Posts

Research, Updates, Trends, Analysis
Top 5 New Security Challenges in Cloud Environments

While the cloud helps modernize environments and improves remote work models, the evolving cloud landscape also gives rise to new challenges. To adapt quickly to new considerations in the changing cloud landscape, organizations need to address these five new security challenges in cloud environments.

Log4Shell - identify vulnerable external-facing workloads in AWS

Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.

Log4Shell - Everything in one place

Security teams all over the world are rushing to deal with the new critical zero-day vulnerability called Log4Shell. This vulnerability in Apache Log4j, a popular open-source Java logging library, has the potential to enable threat actors to compromise systems at scale.

Log4Shell — Forensic Investigation in AWS

In order to mitigate the problems caused by Log4Shell, companies and organizations started patching their systems, but while everyone is busy "locking the doors," the criminals might already be inside. Mitiga is focused on content and research: finding efficient ways to look at artifacts on cloud environments and indicate if there is a reason to believe that the vulnerability has already been used to hack the environment.

How to NOT pay ransomware and live to tell the tale

Ransomware is out of control. So, what can organizations actually do to deal with this tidal wave of attacks? It’s time for organizations to ask themselves the question, “Are we ransomware ready?” And then think about what ransomware readiness really looks like.

Can vulnerabilities in on-prem resources reach my cloud environment?

What risk does this Zoho password manager vulnerability present, and could this on=prem vulnerability impact cloud environments as well?

Lacking readiness, massive breach may be a win for competitors

What seems clear now is that Twitch simply wasn’t ready for an attack. Twitch claims that this latest incident was “a result of a server configuration change that allowed improper access by an unauthorized third party.”

Patches are not enough for VMWare vCenter Server and Cloud Foundation vulns

If you are using either vCenter Server or Cloud Foundation, you must declare an emergency and treat it like you have already been compromised. These critical vulnerability disclosures do not offer a quick and easy patch, and patching alone is not enough.

Learn how ransomware attacks have changed - and how response needs to, too

Ransomware keeps hitting the news these days, filling headlines with stories about organizations struggling with disabled IT systems, inaccessible patient data, unavailable Wi-Fi, and general confusion. Today, organizations are facing an evolving threat, modern ransomware, also called double extortion ransomware.

Cloud Incident Readiness plus No Additional Cost Cloud Incident Response equals Cloud Incident Responsibility