NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence

A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources. “I have grave concerns about where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of Commerce. “I worry that we’re chasing shadows right now.” The story in question is an explosive, anonymously-sourced report published last week by Bloomberg Businessweek. The report alleges Chinese intelligence agents placed malicious microchips on server motherboards supplied by Super Micro Computing Inc., setting up a backdoor to some 30 companies, including Apple and Amazon Web Services. While supply-chain threats emanating from China are certainly a concern, Joyce said, “what I can’t find are any ties to […]

The post NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence appeared first on Cyberscoop.

Widespread ‘Zip Slip’ vulnerability affects AWS, HP tools, researchers say

A new widespread vulnerability that lets an attacker execute remote commands affects web development tools offered by Amazon Web Services, HP, and other companies, according to secure-coding startup Snyk. The so-called “Zip Slip” vulnerability, which is particularly prevalent in JavaScript, “affects thousands of projects” supported by those internet giants plus other companies, Snyk co-founder Danny Grander said in an advisory. “[T]his type of vulnerability has existed before, but recently it has manifested itself in a much larger number of projects and libraries,” Grander wrote. The vulnerability allows an attacker to “gain access to parts of the file system outside of the target folder in which they should reside,” according to Snyk, potentially letting the adversary overwrite configuration files. To do that, an attacker needs both “a malicious archive and extraction code that does not perform validation checking,” the firm said. Snyk said that it began privately disclosing the vulnerability to […]

The post Widespread ‘Zip Slip’ vulnerability affects AWS, HP tools, researchers say appeared first on Cyberscoop.

French marketing firm publicly exposes sensitive data of over 12,000 clients

Prominent French marketing firm Octoly accidentally publicly exposed an Amazon Web Services S3 cloud storage bucket containing sensitive information about the company’s IT operations as well as the firm’s thousands of clients, according to a report from the cybersecurity firm UpGuard. Octoly, which just got a $10 million investment round, is a marketing firm that connects companies and influencers for native advertising opportunities in the popular and lucrative worlds of beauty and video game blogging. The firm works with Sephora, Dior, Yves Saint Laurent and Blizzard Entertainment as well as popular “influencers” on social media — i.e. people with a large following. Over 12,000 Octoly clients had sensitive data exposed as a result of a misconfigured AWS account including real names, addresses, phone numbers, email addresses, birth dates and hashed user passwords for the individual influencers. On the brand side, Octoly’s analytics for each specific brand were publicly exposed as well. “Octoly’s potential business […]

The post French marketing firm publicly exposes sensitive data of over 12,000 clients appeared first on Cyberscoop.

Three Steps to Secure Your AWS Environment Using IBM QRadar

IBM QRadar can help you secure your AWS environment by checking for misconfigurations, monitoring for anomalous activity and curating content rules.

The post Three Steps to Secure Your AWS Environment Using IBM QRadar appeared first on Security Intelligence.

Top secret Army, NSA data found on public internet due to misconfigured AWS server

A misconfigured Amazon Web Services server operated by the U.S. Army’s Intelligence and Security Command was publicly available on the open internet, according to findings by UpGuard researcher Chris Vickery. The hard drive’s content, which included classified material belonging to the National Security Agency, was stored on an unprotected, unlisted server, containing information about an outdated Army intelligence sharing project codenamed “Red Disk.” Red Disk represents a defunct project that was previously spearheaded by INSCOM in order to improve one of the Army’s legacy platforms known as the distributed common ground system (DCGS). Red Disk was meant to act as a customizable cloud system for soldiers and other operators in the field to access, organize and share active reports regarding military activities, including information gathering efforts. The publicly accessible files provide an overview of how Red Disk functioned and could have been deployed. Other confidential information stored on the disk image included a […]

The post Top secret Army, NSA data found on public internet due to misconfigured AWS server appeared first on Cyberscoop.

Time Warner Hacked – AWS Config Exposes 4M Subscribers

The latest on the web is the Time Warner hack: a bad AWS S3 config (once again) exposes the details of approximately 4 million subscribers.

This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets, and I’d hazard a guess that it won’t be the last.

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.

Read the rest of Time Warner Hacked – AWS Config Exposes 4M Subscribers now! Only available at Darknet.
