5 Places Where Hackers Are Stealthily Stealing Your Data In 2019

Skyrocketing data breaches bring incalculable losses to organizations and can cost cybersecurity executives their jobs.

Here we examine the top five places in 2019 where cybercriminals are stealing corporate and government data without ever getting no…

Making the Case for Network Segmentation in AWS

Network segmentation, a concept that dates back to the start of enterprise IT systems, is now a routine part of building data centers and application architectures.

The post Making the Case for Network Segmentation in AWS appeared first on Security Intelligence.


Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking

Former Amazon employee Paige Thompson, who was arrested last month in relation to the Capital One data breach, has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies.

An indictment unsealed on Wednesday…

Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says

One of the most notorious e-commerce scams has expanded into a “mass compromise” that preys on vulnerable cloud infrastructure to skim data from thousands of websites, according to researchers with security vendor RiskIQ. Hackers using so-called Magecart techniques have infiltrated more than 17,000 sites by sneaking into misconfigured cloud repositories, reports the San Francisco-based company. The crooks are automatically scanning the web for vulnerable Amazon Web Services S3 buckets and adding malicious code that captures financial information, the researchers say. While AWS does have automatic protections for S3 buckets, it’s common for the repositories to be misconfigured and thus vulnerable to outsiders. Many e-commerce sites use S3 buckets to store sensitive data. The thieves started compromising insecure buckets in April, RiskIQ says. This campaign, which RiskIQ says has affected websites in Alexa’s top 2,000 internet rankings, is the latest Magecart-style attack after previous incidents at British Airways, Ticketmaster, and other international shipping sites. “Magecart” doesn’t refer to a single cybercriminal gang, but a style […]

The post Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says appeared first on CyberScoop.


Is Cloud Business Moving too Fast for Cloud Security?

Businesses that want to advance cloud security at scale need to invest in both the people and the technology that will reduce risks.

The post Is Cloud Business Moving too Fast for Cloud Security? appeared first on Security Intelligence.


RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape a Linux container and obtain unauthorized, root-level access to t…

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to ha…

NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence

A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources. “I have grave concerns about where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of Commerce. “I worry that we’re chasing shadows right now.” The story in question is an explosive, anonymously-sourced report published last week by Bloomberg Businessweek. The report alleges Chinese intelligence agents placed malicious microchips on server motherboards supplied by Super Micro Computing Inc., setting up a backdoor to some 30 companies, including Apple and Amazon Web Services. While supply-chain threats emanating from China are certainly a concern, Joyce said, “what I can’t find are any ties to […]

The post NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence appeared first on CyberScoop.
