As cryptocurrency prices continue to rise, cybercriminals increasingly leverage crypto mining as a fast and lucrative way to exploit vulnerable systems. One key tactic they use involves targeting exposed Docker daemon ports to deploy cryptocurrency mining containers. This allows attackers to hijack the compute power of compromised systems for their own financial benefit, often without detection.

Exposed Docker Ports: Preventing Crypto- Mining Malware Attacks

How Exposed Docker Daemon Ports Open the Door to Malware — and What You Can Do to Stop It

## PCI DSS 4.0 - No More Exceptions for Cloud Security ##

Starting in 2025, Cloud Service Providers (CSPs) will no longer be exempt from PCI DSS 4.0 when handling payment cardholder data or impacting the security of the cardholder data environment (CDE). This shift signals a fundamental change: cloud security can no longer be an afterthought. To support organizations in evaluating CSP security and compliance, the Cloud Security Alliance (CSA) has updated its Cloud Controls Matrix (CCM) 4.0, aligning it with PCI DSS 4.0.

 Key requirements of PCI DSS 4.0 include:

1. No More Cloud/Container Exceptions - Previously, cloud and container environments had flexibility in meeting PCI DSS requirements. Now, CSPs must adhere to the same rigorous security controls as traditional infrastructures, ensuring end-to-end security for payment data.

2. Risk-Based Vulnerability Management – Organizations must implement a continuous, risk-based approach to vulnerability management, prioritizing the most critical threats in cloud workloads rather than relying solely on periodic scans.

3. Mandatory Runtime Monitoring & File Integrity Monitoring (FIM) – Security must extend beyond static configurations. Real-time monitoring of cloud workloads, including FIM, is now required to detect unauthorized changes and ensure compliance.

With CSA’s CCM 4.0 mapping to PCI DSS 4.0, security teams have a structured framework to enhance cloud security, mitigate risks, and maintain compliance in an era where CSPs are held to the highest security standards.

Read the CSA article to [learn more](https://cloudsecurityalliance.org/blog/2023/09/19/strengthening-cloud-security-mapping-the-cloud-controls-matrix-ccm-4-0-to-pci-dss-4-0).

Strengthening Cloud Security: Mapping the Cloud Controls Matrix (CCM) 4.0 to PCI DSS 4.0

As Kubernetes cements itself as the backbone of modern cloud environments, security practitioners need to understand not just the technology but why it has become synonymous with cloud itself. This article from Dave Blakey dives into:

- Why Kubernetes is now the de facto standard for cloud—enabling scalability, flexibility, and a unified approach to multi-cloud and hybrid environments.

- What sets Kubernetes apart from traditional infrastructure and competitive solutions—and why organizations are making it a core pillar of their cloud strategy.

- The risks that come with Kubernetes' dominance—as adoption skyrockets, security teams must evolve their approach to cloud-native threats.

- Kubernetes isn’t just an option anymore; it’s the foundation of how modern applications are built, deployed, and secured. Understanding its role in shaping cloud strategy is essential for security leaders today.

Do I need Kubernetes?

This article from James Walker, founder of Heron Web, helps the reader develop a multi-cloud, multi-cluster Kubernetes strategy by outlining:

- The basics of multi-cloud Kubernetes

- The advantages and drawbacks of multi-cloud, multi-cluster Kubernetes

- The steps and tools that should be considered in this type of deployment

- A number of best practices

Kubernetes Multi-Cloud Multi-Cluster Strategy Overview

Explore how CIS Benchmarks™ can help harden your multi-cloud environments in this informative session. Learn practical strategies for implementing CIS guidelines in IaaS and SaaS environments, addressing future challenges, and leveraging partnerships to overcome obstacles. 

Discover the critical role of CIS Benchmarks today and how collaborative efforts can enhance your cloud security posture. Don't miss these actionable insights for securing your cloud infrastructure.

Adoption of CIS Benchmarks™ to Enhance Your Cloud Security

In this dynamic fireside chat Jim Reavis, CEO of the Cloud Security Alliance, and Sumedh Thakar, CEO of Qualys. Together, explore the rapidly shifting landscape of cloud security risks and emerging cloud risks impacting organizations worldwide. 

Jim highlights key cloud security trends observed among CSA's vast network of nearly 200,000 members, including their struggles with securing cloud environments and quantifying cloud risks effectively. Sumedh offers insights from Qualys' experience with over 10,000 customers, focusing on the challenges of addressing cloud risks. He discusses how organizations often grapple with fragmented tools and the pressing need for a unified view of risk. Don't miss this insightful discussion comparing real-world challenges and successes in navigating the complexities of cloud security risks and building resilient security strategies.

Decoding Cloud Security Risks: A Fireside Chat with CSA's Jim Reavis & Qualys' Sumedh Thakar

Imagine a breach that cost a company over $150 million in fines, remediation, and lost trust. In 2019, this was an all-too-real situation for one business when vulnerabilities in AWS Instance Metadata Service v1 (IMDSv1) were exploited. A single Server-Side Request Forgery (SSRF) attack, leveraging this hidden flaw, led to the exposure of sensitive data for over 100 million customers. The incident underscores a critical vulnerability in cloud security that many organizations still overlook: the inherent risk of relying on IMDSv1.

Despite the availability of IMDSv2, which addresses the security flaws that were exploited in this attack, countless organizations continue to rely on the outdated IMDSv1, leaving themselves exposed to similar attacks. This blog explores the ongoing dangers of IMDSv1, its potential for massive financial impact, and why transitioning to IMDSv2 is crucial for securing modern cloud infrastructures.

Unmasking AWS Instance Metadata Service v1 (IMDSv1)-The Hidden Flaw in AWS Security

Multi-factor authentication (MFA) failures have fueled a 500% surge in ransomware losses, as noted in an article published by ["The Hacker News"](https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html)—from an average ransom payment of $400,000 in 2023 to $2 million in 2024. And attacks exploiting an MFA failure are getting increasingly advanced. Case in point: In Q3 2023, Retool, a development platform company, faced a significant cybersecurity incident when attackers accessed the accounts of 27 cloud customers despite robust MFA. This breach highlights the evolving sophistication of cyber threats and the need for continuous improvement in security measures.

In this article, we will give a short primer on why it is important to unpack MFA failures like this one, explore the details of the Retool attack, and outline the critical lessons learned for enhancing cloud security.

 When Multi-Factor Authentication Turns Into Single-Factor Authentication

Cloud security is a complex landscape requiring comprehensive tools, policies, and effort at every stage in the cloud services lifecycles. Transitioning to cloud services introduces a new set of security challenges for DevOps and Security teams, who must first understand that using a cloud service provider does not relieve them of security responsibilities.

From the CISO to SecOps teams and DevSecOps teams, it’s imperative for in-house security professionals to learn how to build robust and effective cloud-specific security programs. This whitepaper identifies ten common misconceptions about cloud security and discusses their effects on security efforts. It then addresses how IT and security departments can overcome these fallacies to improve their cloud security posture.

10 Cloud Security Fallacies

With the growing reliance on cloud infrastructure, organizations must be vigilant against potential extortion threats targeting misconfigurations and weak access controls. Unfortunately, extortion threats are a huge problem. According to the [Verizon 2024 Data Breach Investigations Report (DBIR)](https://www.verizon.com/business/resources/reports/dbir/), "Roughly one-third of all breaches involved Ransomware or some other Extortion technique." Hypothetically, an attack could leverage exposed files and credentials to infiltrate cloud environments, escalate privileges, and potentially exfiltrate sensitive data.

This blog will walk through how such an attack might occur, outline the MITRE ATT&CK tactics and techniques relevant to this scenario, and highlight critical best practices for securing cloud environments.

Securing Cloud Environments Against Potential Extortion Threats

Businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance (CSA) report revealed that [98% of organizations worldwide use cloud services](https://cloudsecurityalliance.org/artifacts/state-of-financial-services-in-cloud). Yet, more than 1/3rd of those organizations may not be using key security frameworks like CSA's CCM and CAIQ, which raises questions about how they are managing cloud security and risk. And the potential repercussions of cloud compliance failure range from steep financial penalties and lawsuits to loss of competitive advantage and reputational damage to greater risk of security incidents like data breaches.

That's why understanding cloud compliance has become a critical priority as more organizations transition to cloud-based systems. In this blog, we will explore the importance of cloud compliance, review some common frameworks, and outline 10 best practices to help organizations ensure they remain secure and compliant in the cloud.

Best Practices for Cloud Compliance

The rapid growth of cloud-native applications has popularized the use of cloud-native application protection platforms (CNAPPs), which seek to unify cloud security with cloud scalability demands. However, the approach to consolidation that CNAPP helps deliver is not a guarantee of successful cloud security. To be successful when selecting a CNAPP solution, it's important to consider a few essential key attributes.

Six core must-haves of CNAPPS include:

- Comprehensive Asset Visibility and Context
- Integrated Threat Detection and Response
- Compliance Management
- AI-powered, Contextual Analysis
- Shift-left Security
- Continuous, Dynamic Scanning

The 6 Essential Must-Haves: Cloud-native Application Protection Platform (CNAPP)

With the average cost of a data breach coming in at [$4.45M in 2023](https://www.ibm.com/reports/data-breach?utm_content=SRCWW&p1=Search&p4=43700077724064051&p5=p&p9=58700008523619424&gclid=EAIaIQobChMIy43zlrrUhgMVdCKtBh1feQOHEAAYASAAEgKVxfD_BwE&gclsrc=aw.ds), safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across cloud platforms, underscore the pressing need for robust security measures.

This blog takes a deep dive into an actual case of AWS access key theft, offering insights into the detailed steps taken to detect, respond to, and mitigate the breach. The article then provides best practices to avoid these types of attacks, some data points around average failure rates of AWS IAM-related controls focused on access keys, and showcases the power of Qualys TotalCloud to secure against these types of misconfigurations.

Protect Your AWS Environment by Managing Access Keys Securely

In today's digital landscape, cloud computing platforms have become widespread. Organizations leverage the capabilities of cloud service providers like AWS, Azure, and GCP to store and process their data efficiently. Cloud service providers like the three mentioned above are responsible for the security “of the cloud” itself – the infrastructure, hardware, etc. However, customers bear responsibility for the security “in the cloud” – for safeguarding their sensitive data. As part of that responsibility, encrypting data in the cloud is fundamental, and implementing the best practices for AWS, Azure, and GCP is paramount.

Acknowledging the critical role of encryption in protecting your company's data in the cloud, it is crucial to understand both how to set up encryption properly and that setting up encryption incorrectly can leave your data exposed to potential threats. Many cloud service providers (CSPs) have made encryption a standard feature, free of charge. Enabling encryption is often as easy as checking a box in your settings. It is surprising how often users overlook this simple yet essential security measure.

In this blog post, we list some failure rates for key services across CSPs, give you a little background on cloud encryption, offer a real-world scenario, and then suggest best practices to help you employ encryption for enhanced cloud security.

Securing Your Data—The Power of Encryption in Preventing Threats

As organizations increasingly migrate their operations to the cloud, the need for robust and comprehensive cloud security solutions has never been greater. That's why selecting the right Cloud Security Provider (CSP) to partner with is a crucial decision that can make or break your ability to detect and respond to threats as they happen -- not to mention the significant impact it can have on your organization's overall security posture.

5 Questions To Ask Your Cloud Security Provider Before It's Too Late:

1. Does your CSP provide quick, continuous, and comprehensive assessment of vulnerabilities for all workloads?
2. Does your CSP limit bad scanning results that waste time or leave your cloud infrastructure exposed?
3. Does your CSP manage the security posture and risk for SaaS applications?
4. Does your CSP use AI to detect active exploits and malware at runtime?
5. Does your CSP prioritize risks to guide remediation and provide diverse risk elimination options?

5 Questions To Ask Your Cloud Security Provider Before It's Too Late

Security vulnerabilities pose significant challenges in the rapidly evolving landscape of cloud computing. The recent discovery of an unauthenticated access vulnerability in Google Cloud Dataproc underscores the need for robust cloud security measures.

This risk to Google Cloud Dataproc clusters can lead to data theft, manipulation, or loss. The underlying Open-Source Software (OSS) managed solution lacks adequate security controls, enabling unauthorized access by attackers with knowledge of the Dataproc IP address.

Google's Dataproc [documentation](https://cloud.google.com/dataproc/docs/concepts/accessing/cluster-web-interfaces) highlights the security risk associated with open firewall rules on public networks and recommends caution in setting them up. However, it also emphasizes the need for vigilance against potential attackers who might gain initial access to a Compute Engine instance, as this could allow them unauthenticated access to GCP Dataproc. This scenario underscores the importance of robust security measures at all access points to safeguard against unauthorized access.

To shed light on this issue and help organizations enhance their security posture, in this post, the Qualys TotalCloud team aims to analyze the attack flow comprehensively and offer recommendations for minimizing the associated risks.

Uncovering the Hidden Dangers in Google Cloud Dataproc

In this article, we offer a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as the varying failure rates of database security controls. For this analysis, "failure rates" are the rates at which users are not following database security best practices, as enumerated in the article "[Safeguarding Your Cloud Database from SQL Server Threats and Lateral Movement Risks](https://blog.qualys.com/product-tech/2024/04/18/totalcloud-insights-safeguarding-your-cloud-database-from-sql-server-threats-and-lateral-movement-risks)."

The Qualys research team’s study on database-related control failures across AWS, Azure, and GCP offers an enlightening perspective, suggesting that the varying failure rates are more indicative of the different levels of user expertise and security management practices rather than the inherent capabilities of these cloud services.

A Wake-Up Call on Cloud Database Security Failure Rates

The growth of multi-cloud environments, coupled with the explosion of SaaS within the enterprise, make managing risk not only complex, but often laborious and expensive. One survey found that 98% of enterprises either use or plan to use at least two cloud infrastructure providers, and 31% already use four or more providers.

Another study discovered that SaaS portfolios grew by a whopping 48% from 2021 to 2022 alone. By 2023, organizations reported using an average of 371 SaaS apps.

These burgeoning technologies are pervasive and growing, and they're creating new threats that may not be well covered by traditional security tools.

See the Big Picture With a Unified View of Risk Across Cloud and SaaS Environments

Cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in databases, is crucial, as cybercriminals always seek ways to gain unauthorized access to sensitive information.

Ensuring your database's safety in the cloud is a top priority. A data breach can be disastrous, leading to financial losses, legal trouble, and damage to your reputation. Understanding comprehensive database security strategies is essential to protect your valuable data from ever-evolving digital threats.

In this blog, we will dive deep into the world of database security in the cloud. We'll explore challenges and show you some of the best database protection practices. We'll cover everything from the basics of database security to more advanced topics like encryption and access controls.

Safeguarding Your Cloud Database from SQL Server Threats and Lateral Movement Risks

Subdomain takeover poses a significant security threat in cloud environments. It occurs when a subdomain of a domain (e.g., subdomain.example.com) inadvertently resolves to an external service no longer under the organization’s control. These orphaned subdomains provide attackers with a foothold for deploying malicious activities like phishing, malware distribution, and data exfiltration. This oversight, often unintentional, creates blind spots in security coverage.

[Keytos Research](https://www.keytos.io/blog/2023/05/23/azure-domains-still-vulnerable-to-subdomain-takeover.html) reports discovering over 15,000 vulnerable subdomains monthly in Azure, yet only 2% of organizations actively address this problem. Even major entities like Microsoft are not immune; Keytos identified 700+ vulnerable subdomains associated with Microsoft, underscoring that even large organizations face subdomain vulnerabilities.

This article outlines the impact of a sub-domain takeover, provides an example, and provides examples of the process of establishing an IoC/control.

Crafting Effective Indicators of Compromise (IoCs) for Sub-domain Takeover Risk Detection

Cloud-native application protection platforms (CNAPPs) have emerged as a popular solution for DevOps and SecOps looking to consolidate once-siloed cloud security and management solutions. Understanding the drivers and capabilities behind the CNAPP phenomena may help you maximize the good, minimize the bad, and manage the ugly when it comes to building and maintaining your cloud security strategy.

- The Good: Conceptually, CNAPPs consolidate many previously siloed solutions, such as container security (CS), cloud workflow protection (CWP), cloud security posture management (CSPM), and more.
- The Bad: While CNAPP solutions seek to simplify cloud infrastructure and security, their ability to provide harmonious security is not uniform from vendor to vendor. It's important to understand what kind of vendor you're looking at to minimize the bad.
- The Ugly: The ugly stems from the fact that cloud scalability and security demands often have seemingly conflicting implications for the corresponding teams that manage each need. On the one hand, you have CTOs and DevOps; on the other, SecOps and the CISO.

The Good, the Bad, and the Ugly of Cloud-Native Application Protection Platforms (CNAPPs)

Amazon Web Services (AWS) is the world's largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service (S3) bucket. Amazon S3 is an object storage solution known for its exceptional scalability, data availability, security features, and performance capabilities. S3 buckets are often used by AWS users to store sensitive or critical business data. When these resources are not adequately secured, they become susceptible to unauthorized access, potentially leading to data breaches due to misconfigurations, as evidenced in recent incidents.

Understanding malicious actors' tactics, techniques, and procedures provides valuable insights into preventing or promptly addressing such incidents. Attackers use tools like "S3Scanner" and "[BucketStream](https://github.com/eth0izzle/bucket-stream)" during the reconnaissance phase to identify exposed ports or resources that can serve as entry points into an environment. Many of these exposed resources, such as S3 buckets, result from misconfigurations and inadequate security practices.

If an attacker has obtained credentials, they can infiltrate the environment and identify exploitable assets. Once inside, attackers can escalate their privileges to gain access to sensitive information, manipulate or delete critical infrastructure components, and carry out other malicious actions. These considerations are described in the article; they underscore the importance of robust security measures to safeguard valuable data and infrastructure.

Hidden Risks of Amazon S3 Misconfigurations

As new scanning technologies are released, their supposed superiority is touted over the others. The problem is, however, that there is no best scanning technology; all of them have strengths and limitations. If recent claims from several vendors are believed, a “best” scanning method called snapshot scanning exists. But when we look closely, snapshot scanning has advantages for specific use cases, like being able to scan paused workloads, but there are also many areas where a different scanner type would be a better choice. So, is there an optimal scanning method? 

After reading this blog, it should be clear that the answer is no. At Qualys, we recommend you do not rely on a single scanning method – instead, use multiple scanning technologies when and where they make the most sense.

Why Is Snapshot Scanning Not Enough?

Cloud scanning emerges as the critical solution to secure the ephemeral world of cloud computing, empowering security teams to navigate this intricate environment and proactively mitigate potential risks. Cloud scanning provides the crucial visibility and control needed to protect vital assets and maintain a strong security posture in the cloud.

This article details:

- A quick overview of cloud scanning
- Why it matters 
- The various types of cloud scanning technologies

What Is Cloud Scanning, and Why Does it Matter?

Traditional approaches to vulnerability scanning are no longer sufficient to secure the increasing complexity of dynamic cloud environments. While vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively, the growing prevalence of exploited vulnerabilities, persistent cloud misconfigurations, and exposure to identity leaks require new approaches.

This blog delves into key focus areas to ensure a robust cloud security posture, including actionable steps to meet the persistent challenge of critical misconfigurations in the cloud, detect vulnerabilities in the cloud, and address exposure due to identity leakages and unwanted entitlements.

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

The rapid adoption of cloud services and containerized applications has progressed unabated. See what more than 100 security and IT professionals have to say about the challenges of securing cloud and SaaS assets.

Some highlights:

- 28% of organizations experienced a cloud or SaaS-related data breach in the past year, and among those impacted, 36% were hit multiple times within 12 months.
- 38% find ransomware a top SaaS risk, as defenders fear its ability to shut down systems and generate whopping financial losses.
-60% of respondents rely on two or more tools to safeguard cloud and SaaS assets.
- Only 38% of organizations continuously assess their cloud security, while 25% do it just once a year.
- Almost 1 in 5 have difficulty applying security updates and patches.

Cloud Vulnerability Scanning

Essential cloud security

Cloud Scanning

Getting started with cloud security

What Is Cloud Scanning, and Why Does it Matter?

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

The State of Cloud and SaaS Security Report

Here are the most common cloud security issues. How many do you have?

Dive in with more cloud scanning articles

PCI DSS 4.0 - No More Exceptions for Cloud Security

Get a personalized custom assessment