October 6, 2020
Via: Help Net SecurityAmazon Web Services (AWS) has made available three new S3 (Simple Storage Service) security and access control features: Object Ownership Bucket Owner Condition Copy API via Access Points Object Ownership Object Ownership is a permission that can be set when […]
Access control, Cloud security, Security
July 23, 2020
Via: Help Net SecurityTwilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets. “Due to a misconfiguration in the S3 bucket that […]
June 1, 2020
Via: Security WeekAn internal website audit revealed that a third-party company owned by a former leader of the Joomla Resource Directory team — they are still a member of the JRD team — stored full JRD backups in an AWS S3 bucket. […]
March 12, 2020
Via: Naked SecurityResearchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment […]
January 20, 2020
Via: Computer WeeklyThe lack of care being taken to correctly configure cloud environments has once again been highlighted by two serious data leaks in the UK caused by leaking Amazon Simple Storage Service (S3) bucket databases. As a default setting, Amazon S3 […]
January 16, 2020
Via: TechRadarCybersecurity is an important aspect and it becomes more precarious when organisations are flocking to the cloud to deploy mission-critical apps. Data is the new oil of the 21st century. The opportunity that the cloud presents also brings in challenges […]
December 10, 2019
Via: Hot for SecurityOrganizations handling highly sensitive data belonging to U.S. residents are not doing enough to protect their customers’ personal information, as a recent discovery illustrates. A group of pen testers have found more than a quarter of a million applications for […]
December 5, 2019
Via: Security WeekAmazon Web Services (AWS) has expanded its portfolio with three new services and capabilities meant to help organizations build and operate securely in the cloud. With the new Amazon Detective, customers can increase efficiency when investigating incidents across workloads. Currently […]
November 18, 2019
Via: Help Net SecurityThere are notable network performance and connectivity differences between the five major public cloud providers – Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Alibaba Cloud and IBM Cloud, ThousandEyes reveals. A look at public cloud performance While […]
Cloud security, Network security
October 24, 2019
Via: Security WeekAmazon Web Services (AWS) customers experienced service interruptions yesterday as the company struggled to fight off a distributed denial-of-service (DDoS) attack. As part of such an assault, attackers attempt to flood the target with traffic, which would eventually result in […]
September 9, 2019
Via: InfoWorldIn the latest major cloud security foul-up, Capital One suffered a data breach, which affected 100 million people in the United States, and 6 million in Canada. It wasn’t just Capital One caught with their security pants down. We now […]
Cloud security, Hacker, Network security, Threats & Malware
August 19, 2019
Via: Security WeekThompson, who used the online moniker “erratic,” has been accused of accessing the personal information of roughly 106 million people — 100 million in the United States and 6 million in Canada — including, in some cases, social security numbers […]
February 5, 2019
Via: Security WeekA new backdoor is targeting Linux servers in East Asia and Latin America, including Amazon Web Services (AWS) hosted machines, Check Point security researchers say. Dubbed ‘SpeakUp’, the new Trojan targets known vulnerabilities in six different Linux distributions and attempts […]
September 26, 2018
Via: Security WeekThe issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected? Cloud adoption is becoming more […]
Cloud security, Hacker, Network security
August 21, 2018
Via: Dark ReadingAttackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks. A new body of evidence indicates threat actors are using increasingly advanced techniques to target cloud providers and leveraging cloud-specific traits […]
Application security, Cloud security
April 5, 2018
Via: Security WeekAmazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate […]
October 11, 2017
Via: Security WeekConsulting and technology services giant Accenture inadvertently exposed potentially sensitive information by leaving it unprotected in four Amazon Web Services (AWS) S3 buckets. The cloud storage containers were discovered on September 17 by Chris Vickery of cyber resilience company UpGuard […]
Cloud security, Network security
September 25, 2017
Via: Security WeekResearchers discovered an unprotected Amazon Web Services (AWS) S3 bucket containing potentially sensitive information associated with a system used internally by Verizon. The cloud container, discovered by Kromtech Security on September 20, stored roughly 100 Mb of data from a […]
August 7, 2017
Via: Naked SecurityWe’ve read plenty of stories recently about the accidental exposure of data stored in the cloud because of users’ poor configuration choices. Cybersecurity researchers have been actively scanning Amazon Web Services (AWS) for accounts and files available to the public; […]
October 6, 2015
Via: cloud-securityAs thousands of cloud fanatics descend on Las Vegas this week for #amazon web service’s #re:invent conference, researchers in Massachusetts are raising new questions about the security of all multi-tenant cloud environments. A group of professors at #worcester polytechnic institute […]