Cloud Security

Threatpost 

198 Million Car-Buyer Records Exposed Online for All to See

September 11, 2019 TH Author auto dealers, breach, Cloud misconfiguration, Cloud Security, data leak, dealer leads, elastica database, leads, loan information, Privacy, prospective car buyers, public exposure, sensitive information, Web Security

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers. READ MORE HERE…

Read more

Threatpost 

Insider Threats Are Rising – But They Shouldn’t Be

September 10, 2019 TH Author best practices, breach, Cloud Security, data monitoring, data protection, Featured, Government, Hacks, infosec insider, insider threats, Mobile Security, spotting insider threats, value density

Simply implementing best practices is not enough to address the risk coming from your own employees. READ MORE HERE…

Read more

Threatpost 

Microsoft Addresses Two Zero-Days Under Active Attack

September 10, 2019 TH Author active attack, Cloud Security, critical vulnerabilities, elevation of privilege, Microsoft, patch tuesday, remote desktop client, september 2019, Vulnerabilities, Web Security, zero-day

September Patch Tuesday leads off with two elevation-of-privilege bugs that have been exploited in the wild. READ MORE HERE…

Read more

Threatpost 

Critical Exim Flaw Opens Millions of Servers to Takeover

September 9, 2019 TH Author active exploit, Azure, Cloud Security, Exim, linux flaw, Microsoft, Unix, virtual machine, Vulnerabilities, vulnerable server, Worm

A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges. READ MORE HERE…

Read more

Threatpost 

Gamification Can Transform Company Cybersecurity Culture

September 2, 2019 TH Author balbix, Cloud Security, company culture, competition, Cybersecurity, cybersecurity training, cyberthreat awareness, employee awareness, employee error, game mechanics, gamification, infosec insider, IoT, Malware, misconfiguration, Mobile Security, password hygiene, Vulnerabilities, Web Security

Implementing game mechanics and competition into the mix can incentivize employees to improve their cybersecurity posture. READ MORE HERE…

Read more

Threatpost 

How to Prepare for Misconfigurations Clouding the Corporate Skies

August 20, 2019 TH Author AWS, breach, Cloud Security, cloud storage, databases, how to avoid, infosec insider, misconfiguration, network traffic analysis, s3 buckets, security recommendations, user behavior analysis

With cloud misconfigurations rampant in cloud storage and IaaS environments, adding security layers to identify them is crucial for securing sensitive data. READ MORE HERE…

Read more

Threatpost 

Choice Hotels Breach Showcases Need for Shared Responsibility Model

August 15, 2019 TH Author breach, choice hotels, Cloud Security, cloud storage, data breach, MongoDB, Privacy, shared responsibility, supply chain, unsecured

700,000 customer records were exposed after being housed on a vendor’s server that lacked appropriate security. READ MORE HERE…

Read more

Threatpost 

Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack

August 7, 2019 TH Author azure cloud, Black Hat, Black Hat USA, Cloud Security, DEF CON, Hyper-V, Microsoft, RDP flaw, Vulnerabilities

At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V. READ MORE HERE…

Read more

Threatpost 

Microsoft Lab Offers $300K For Working Azure Exploits

August 5, 2019 TH Author Azure, azure cloud security, azure security lab, Black Hat, black hat USA 2019, bug bounty, Cloud Security, Exploit, Microsoft, Vulnerabilities

Microsoft says its Azure Security Lab will allow researchers to attack its cloud environment in a customer-safe way. READ MORE HERE…

Read more

Threatpost 

Former AWS Engineer Arrested as Capital One Admits Massive Data Breach

July 30, 2019 TH Author arrest, AWS, breach, Capital One, cloud configuration, Cloud Security, credit card applications, data breach, former engineer, hacker, Hacks, misconfiguration, paige thompson, Privacy

More than 100 million customers have had their data compromised by a hacker after a cloud misconfiguration at Capital One. READ MORE HERE…

Read more