Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Cloud Tech Debt and Security

August 2, 2023
Reading Time: 2 mins read
in Alerts
Cloud Tech Debt and Security

A recent report by Qualys Threat Research Unit (TRU) has brought critical cloud risks to light, emphasizing the escalating threat of cloud tech debt. Based on anonymized global cloud scans from April 2023, the report highlights that over 60 million applications have reached the end of support and end of life, leaving essential categories like databases, web servers, and security software without security updates, significantly increasing the risk of potential breaches.

Cloud misconfigurations have also emerged as a significant concern, with over half of Center for Internet Security (CIS) Benchmarks failing across major cloud providers, including AWS, Microsoft Azure, and Google Cloud Platform (GCP). The most critical misconfiguration categories are encryption, identity and access management, and internet-facing assets.

The report raises alarm over external-facing vulnerabilities, revealing that around 4% of scanned cloud assets are publicly exposed to potential attackers. Additionally, weaponized vulnerabilities pose a significant threat, with the report citing the Log4Shell vulnerability as a major concern. This internet-facing vulnerability enables attackers to execute arbitrary Java code or leak sensitive information, and a staggering 68.44% of detected Log4Shell vulnerabilities on internet-facing cloud assets remain unpatched.

The study identifies malware and cryptomining as the top two threats to cloud assets, facilitating unauthorized access and lateral movement. The report also underscores the core characteristic of cloud computing—self-service, which allows rapid and scalable deployment of infrastructure and resources without traditional on-premises IT constraints but comes with significant associated risks.

Automation emerges as a crucial factor in remediation processes, effectively reducing unresolved vulnerabilities and expediting patching. Automating non-Windows patching increased rates by nearly 8% and reduced remittance time by two days.

Ultimately, managing security in hybrid and multi-cloud environments requires seamless tools and techniques that work across all cloud vendor environments and on-premise deployments.

As stated by Utpal Bhatt, CMO at Tigera, automation plays a central role in cloud security due to the numerous and ever-changing computing resources in the cloud. For more details, the report is available through Qualys’ blog post published today.

Reference:
  • 2023 QUALYS TOTALCLOUD SECURITY INSIGHTS
Tags: August 2023Cloud Securitycloud tech debtCyber AlertCyber Alerts 2023CyberattackCybersecurityQualysTRU
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial