Saturday, June 14, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » There’s a Hole in My AWS S3 Bucket!

SBN

There’s a Hole in My AWS S3 Bucket!

by David McKissick on July 27, 2018

2017 saw many data leaks and breaches that stemmed from poorly configured Amazon AWS configurations, or more specifically, configurations of AWS S3 buckets. These weren’t small leaks, either. As a result, Verizon, Dow Jones & Co and the WWE found themselves in the media for the wrong reasons.

And they’re not the only ones. A quick Google search would show you that 2018 is running in a similar vein as last year, with many organisations failing to follow relatively simple steps when administering their public cloud environment.

Techstrong Gang Youtube
AWS Hub

AWS itself is relatively simple to get up and running, but like most platforms, dig a bit (or a lot deeper), and it gets a lot more complex. So why are large organisations making rather basic errors?

I’ve yet to come across any organisation that complains of too many resources or too many skilled people, and it’s widely acknowledged there’s a skills shortage in the industry, so I don’t expect this to change anytime soon. But that’s surely the most likely reason why simple configurations errors continually take place. Whether it’s Amazon AWS, Microsoft Azure or Google Cloud, they all come with many different options and settings that can make implementation and configuration a mine field. If an employee has experience with Azure, they couldn’t automatically succeed if asked to implement a solution in AWS. Whilst the theory is identical, the actual configuration is vastly different, which is what can lead to fundamental mistakes being made.

Let’s play devil’s advocate and assume that the company implementing a cloud service does have adequate resources and skill sets available. How about the day-to-day management of these services? How can you keep on top of changes being made to the cloud configuration settings or content being added to the buckets (or containers)? How (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David McKissick. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-s3-bucket/

July 27, 2018July 30, 2018 David McKissick aws, azure, Cloud, google cloud, security
  • ← 5 Methods for Data Privacy Enhancement
  • Mobile Apps Must Roll Back Welcome Mat for Cybercriminals →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says
No Lollygagging: Cisco IOS XE Flaw With 10.0 Rating Should be Patched Now
Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI
Navigating Data Security Challenges in Cloud Computing for Universities
NIST Launches Updated Incident Response Guide
What is AI Red Teaming?
AI Ready: The Complete Guide to AI-Powered Cybersecurity Training in 2025/2026
Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)
Identity’s New Frontier: AI, Machines, and the Future of Digital Trust

Industry Spotlight

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches 

Meta AI is a ‘Privacy Disaster’ — OK Boomer

June 13, 2025 Richi Jennings | Yesterday 0
Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?

June 10, 2025 Richi Jennings | 3 days ago 0
Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web

June 4, 2025 Richi Jennings | Jun 04 0

Top Stories

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

June 13, 2025 Jeffrey Burt | Yesterday 0
BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says
Application Security Cloud Security Cybersecurity Data Security Featured IoT & ICS Security Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says

June 9, 2025 Jeffrey Burt | 4 days ago 0
Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI
Cloud Security Cyberlaw Cybersecurity Data Security DevOps Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI

June 9, 2025 Jeffrey Burt | 4 days ago 0

Security Humor

Facebook CEO Mark Zuckerberg announces the plan to make Facebook more private at Facebook’s Developer Conference on April 30, 2019

Meta AI is a ‘Privacy Disaster’ — OK Boomer

Download Free eBook

Managing the AppSec Toolstack

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×