Is Your Mercedes Leaking?

Is Your Mercedes Leaking?

| | Blog
Information Security Buzz reported findings from a security researcher, who recently discovered a misconfiguration in a Git web portal belonging to Daimler AG, parent company of Mercedes-Benz. The researcher was able to access, download and leak over 580 Git repositories … Read more The post Is Your Mercedes Leaking? appeared ... Read More
DivvyCloud's Infrastructure as Code Security

Feature Release 20.2

| | Blog
Our latest release, 20.2, is special for many reasons. It marks our first major release as DivvyCloud by Rapid7. We look forward to delivering innovative solutions to you as part of the Rapid7 team. Rest assured, we will continue to … Read more The post Feature Release 20.2 appeared first ... Read More
MCA Wizard Data Breach

Breacher Feature: MCA Wizard

| | Blog
A few weeks ago, researchers from vpnMentor revealed that they had discovered a breached database containing approximately 500,000 sensitive records stored in 425 gigabytes of data. The records were linked to a merchant cash advance app called MCA Wizard, which … Read more The post Breacher Feature: MCA Wizard appeared ... Read More

Shifting Cloud Security Left with Infrastructure as Code

Introduction and Executive Summary DevOps and the continuous integration/continuous deployment (CI/CD) pipeline are revolutionizing application development, test, and cloud delivery, enabling developers to write the application code and define the cloud infrastructure. But where is cloud security? Unfortunately, to date, … Read more The post Shifting Cloud Security Left with ... Read More
Cloud Security Democracy

Full Lifecycle Cloud Security, Part II

| | Blog
In the first part of this blog series, we described how both the prevention of risk during the continuous innovation/continuous deployment (CI/CD) process and the detection of risk at runtime paired with automated remediation are essential components of full lifecycle … Read more The post Full Lifecycle Cloud Security, Part ... Read More
Zoom Recordings Exposed

Zoom Recordings Exposed

| | Blog
Zoom Video Communications is a remote conferencing services company. Many organizations use their product for its video conferencing, online meetings, chat, and mobile collaboration to stay in contact with remote colleagues, customers, partners, etc. Zoom’s value and use has skyrocketed … Read more The post Zoom Recordings Exposed appeared first ... Read More
DivvyCloud at RSA 2020

Dark Reading Interview with DivvyCloud CEO

| | Blog
Dark Reading Contributing Editor Terry Sweeney recently interviewed DivvyCloud CEO and co-founder Brian Johnson. They discuss Brian’s cloud security philosophy and how we are solving challenges for our customers. Brian offers insight into how security teams continue to evolve within … Read more The post Dark Reading Interview with DivvyCloud ... Read More

In the Face of a Pandemic, Cyberattackers Seek to Take Advantage

| | Blog
Cyberattackers live for moments of crisis and confusion. Government agencies and companies already stretched thin are at their most vulnerable, and cyberattackers are all too willing to apply overwhelming pressure to maliciously disrupt operations or gain some financial benefit. As … Read more The post In the Face of a ... Read More
Cloud Security

Full Life Cycle Cloud Security

| | Blog
When security teams find cloud vulnerabilities and misconfigurations at runtime, they are often blamed for introducing friction into the continuous integration/continuous delivery (CI/CD) pipeline and stifling the enterprise’s ability to innovate as efficiently as possible. But it is not the … Read more The post Full Life Cycle Cloud Security ... Read More
Ransomware note

S3 Bucket Ransomware Attack: What Is It and How Can It Happen?

| | Blog
Permission settings for cloud object storage services like S3 buckets are frequently the cause of data breaches. But Rhino Security Labs, a penetration testing and security assessment firm, is drawing attention to another concern. By leveraging S3 buckets as a … Read more The post S3 Bucket Ransomware Attack: What ... Read More