Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings

Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon, Uber and FedEx. Researchers have begun … Read More The post Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings appeared first on The State of Security.
Read more

Don’t Get BuckHacked: What Are You Doing to Keep Your AWS S3 Data Private?

Leaky AWS S3 buckets have been spilling confidential information onto the public internet for years, and now anonymous hackers have created a search engine to make finding those exposed secrets even easier. New on the scene is “BuckHacker.” The name is a portmanteau, stemming from the fact that it allows the hacking of “buckets”, which … Read More The post Don’t Get BuckHacked: What Are You Doing to Keep Your AWS S3 Data Private? appeared first on The State of Security.
Read more

Advanced Security in All Sorts of Places

There’s a growing trend spreading through many different organizations in which automated and advanced security features are being developed, capabilities which were previously in the realm of more traditional security vendors. There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a-service providers. We can use this … Read More The post Advanced Security in All Sorts of Places appeared first on The State of Security.
Read more

Study: Alarming Number of Fortune 500 Credentials Found in Data Leaks

Data breaches are common in the news lately, but a recent study by credential monitoring firm Vericlouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was … Read More The post Study: Alarming Number of Fortune 500 Credentials Found in Data Leaks appeared first on The State of Security.
Read more

AWS GuardDuty and the Cloud Management Assessor

Recently at its re:Invent 2017 conference, Amazon announced an interesting new security offering called “GuardDuty.” GuardDuty uses threat intelligence, machine learning and anomaly detection to deliver agentless security findings across a variety of AWS services. This blog will discuss a bit about GuardDuty and show one example of how to gather custom data within the Cloud … Read More The post AWS GuardDuty and the Cloud Management Assessor appeared first on The State of Security.
Read more

Could Containers Save The Day? 10 Things to Consider when Securing Docker

By now, we’re all aware of the Equifax breach that affected 143 million customer records. Equifax reports that Apache Struts vulnerability CVE-2017-5638 was used by the attackers. Equifax was not running its vulnerable struts application in a container, but what if it had been? Containers are more secure, so this whole situation could have been … Read More The post Could Containers Save The Day? 10 Things to Consider when Securing Docker appeared first on The State of Security.
Read more

Securing Azure with Best Practice Fundamentals

In a previous blog, I discussed securing AWS management configurations by combating 6 common threats with a focus on using both the Center for Internet Security Amazon Web Services Foundations benchmark policy along with general security best practices. Now I’d like to do the same thing for Microsoft Azure, but unfortunately as of this writing, … Read More The post Securing Azure with Best Practice Fundamentals appeared first on The State of Security.
Read more