Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

SaaS (Software as a Service) companies cannot function without certain consumer data. For starters, you’ll need the customers’ names and email addresses for your marketing and sales operations. And as leads turn into customers, you may also need their payment details. Now, as your company collects more consumer data, it also becomes a target for data breaches. Remember the March 2022 HubSpot security incident?

Announced today at AWS re:Invent, Amazon CodeCatalyst brings together everything software development teams need to plan, code, build, test and deploy applications on AWS into a streamlined, integrated experience.

‍ AEC project teams are using point cloud data to enhance their BIM projects. By importing point cloud data into their CAD software, they can get a more accurate representation of the buildings and landscapes they are working on. This can help with design, construction, and even marketing efforts.

SaaS apps have become the “easy button” for organizations seeking a fast and simple way to make foundational business apps available to their employees. According to Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022,” growing 14% over 2021.

In the latest example of a cloud service being exploited for cyber espionage, researchers from Trend Micro have shed light on a campaign, conducted between March and October 2022, targeting government, academic, foundations, and research sectors of multiple countries including Myanmar, Australia, the Philippines, Japan, and Taiwan.

At AWS re:Invent 2022, CrowdStrike is announcing expanded service integrations with AWS to provide breach protection across your AWS environment, simplified infrastructure management and security consolidation. Visit us at Booth 109, Nov. 28-Dec. 2 in Las Vegas, to learn more about our comprehensive integrations with AWS.

With the continual increase of attacks, vulnerabilities, and misconfigurations, today’s security organizations face an uphill battle in securing their cloud environments. These risks often materialize into unaddressed alerts, incidents, and findings in their security products. However, part of the issue is that many security teams are often stretched too thin and overburdened by alert fatigue.

Devo recently announced that it has entered into a strategic collaboration agreement with Amazon Web Services (AWS). This is a significant milestone for Devo and great news for our mutual customers with AWS. We caught up with Tony Le, cloud partnerships director, to take a deeper dive into what this means and how the collaboration will benefit our users in the long run.