Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Cloud Tech Debt and Security

August 2, 2023
Reading Time: 2 mins read
in Alerts
Cloud Tech Debt and Security

A recent report by Qualys Threat Research Unit (TRU) has brought critical cloud risks to light, emphasizing the escalating threat of cloud tech debt. Based on anonymized global cloud scans from April 2023, the report highlights that over 60 million applications have reached the end of support and end of life, leaving essential categories like databases, web servers, and security software without security updates, significantly increasing the risk of potential breaches.

Cloud misconfigurations have also emerged as a significant concern, with over half of Center for Internet Security (CIS) Benchmarks failing across major cloud providers, including AWS, Microsoft Azure, and Google Cloud Platform (GCP). The most critical misconfiguration categories are encryption, identity and access management, and internet-facing assets.

The report raises alarm over external-facing vulnerabilities, revealing that around 4% of scanned cloud assets are publicly exposed to potential attackers. Additionally, weaponized vulnerabilities pose a significant threat, with the report citing the Log4Shell vulnerability as a major concern. This internet-facing vulnerability enables attackers to execute arbitrary Java code or leak sensitive information, and a staggering 68.44% of detected Log4Shell vulnerabilities on internet-facing cloud assets remain unpatched.

The study identifies malware and cryptomining as the top two threats to cloud assets, facilitating unauthorized access and lateral movement. The report also underscores the core characteristic of cloud computing—self-service, which allows rapid and scalable deployment of infrastructure and resources without traditional on-premises IT constraints but comes with significant associated risks.

Automation emerges as a crucial factor in remediation processes, effectively reducing unresolved vulnerabilities and expediting patching. Automating non-Windows patching increased rates by nearly 8% and reduced remittance time by two days.

Ultimately, managing security in hybrid and multi-cloud environments requires seamless tools and techniques that work across all cloud vendor environments and on-premise deployments.

As stated by Utpal Bhatt, CMO at Tigera, automation plays a central role in cloud security due to the numerous and ever-changing computing resources in the cloud. For more details, the report is available through Qualys’ blog post published today.

Reference:
  • 2023 QUALYS TOTALCLOUD SECURITY INSIGHTS
Tags: August 2023Cloud Securitycloud tech debtCyber AlertCyber Alerts 2023CyberattackCybersecurityQualysTRU
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial