Google invests in Security + Microsoft's Log4Shell Update

<p>Cloud Security News this week 5 Jan 2022</p> <ul> <li>&nbsp;Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters <a href="https://www.reuters.com/markets/deals/google-beefs-up-internet-security-with-siemplify-buyout-2022-01-04/"><u>report</u></a> Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with <a href="http://chronicle.security/">Chronicle</a>’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this <a href="https://cloud.google.com/blog/products/identity-security/raising-the-bar-in-security-operations"><u>here</u></a></li> <li>Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”. &nbsp;They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog <a href="https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/"><u>here</u></a>.</li> <li>Back in 2019 you probably heard about Autom Attack which targeted misconfigured