Categoria: News

To meet LGPD, GDPR and ISO 27001 requirements in a cloud-only environment, treat each cloud account as part of one governed, documented security program. Define roles, classify data, enforce strong IAM and encryption, monitor continuously, and collect evidence from cloud-native tools to prove that controls run effectively over time. Essential Compliance Goals for Cloud-Only Infrastructures…

Cloud IAM problems in production usually come from a few repeatable errors: overly broad roles, broken trust relationships, unsafe service accounts, and missing conditions. To avoid outages and leaks, test changes in read-only, use least-privilege, add context-aware policies, monitor aggressively, and keep a simple rollback plan for every IAM modification. Most impactful misconfigurations to inspect…

The evolution of cloud infrastructure attacks: from curiosity to industrialized crime From “someone left an S3 bucket open” to full-blown kill chains When cloud started going mainstream, most incidents were almost boring: misconfigured storage buckets, leaked keys on GitHub, default passwords on management consoles. Attacks were opportunistic and noisy. Fast‑forward a decade and we’re looking…

From flat LANs to cloud microsegments: how we got here If you look back, network segmentation started as something almost crude. In the 90s, most corporate networks were huge flat LANs, where a single broadcast domain covered entire offices. Firewalls guarded only the edge, because everyone assumed “inside = trusted”. Worms like WannaCry and NotPetya…

Serverless security looks deceptively simple: you write a small function, deploy, and let the cloud provider handle the rest. The catch is that “the rest” hides a pile of shared responsibility details, and attackers absolutely know where those gaps are. In this article we’ll walk through real‑world risks de segurança em ambientes serverless, what actually…

Intrusão teria atingido grande operador do PIX [ Esta notícia está em atualização ] O portal CISO Advisor solicitou oficialmente esclarecimentos à JD Consultores sobre um possível incidente de segurança em sua infraestrutura tecnológica, que pode ter alcançado inclusive certificados digitais usados em operações críticas. A empresa é uma das principais provedoras de serviços ligados…

In 2026, keeping Kubernetes safe is less about “add some RBAC and hope” and more about building a continuous security loop around your clusters, workloads and CI/CD. Attackers now abuse AI-assisted recon, supply‑chain malware and sidecar hijacking, so segurança em kubernetes has to cover everything: from developer laptops to the last node in the production…

Phishing com falsos convites para calls: novo truque para tomar PCs corporativos Convites falsos para reuniões em plataformas como Zoom, Microsoft Teams e Google Meet vêm sendo explorados por cibercriminosos para assumir o controle de computadores de empresas. O ataque se apoia em um dos hábitos mais comuns do trabalho moderno: entrar em videoconferências o…

Por que integrar SIEM e observabilidade em multi cloud não é opcional Se você já passou do ponto de ter “só um” provedor cloud, provavelmente está naquele cenário caótico em que AWS, Azure e Google Cloud convivem, cada time usa o que quer, e os logs viram um labirinto. Aí alguém fala: “vamos colocar um…

Por que o modelo de responsabilidade compartilhada importa de verdade When teams move to the cloud, many assume “the provider takes care of security”. Then an incident happens and everyone discovers the famous modelo de responsabilidade compartilhada cloud the hard way. In practice, this model is simply an explicit contract: the provider secures the cloud,…