One User Account for Both AWS and GCP

Use a cloud directory service to provide one user account for AWS and GCP, even if you’re an AD-centric organization.
The post One User Account for Both AWS and GCP appeared first on JumpCloud.

Exclusive: PR software firm exposes data on nearly 500k contacts

A company that sells content management software and services exposed data on 477,000 media contacts, including 35,000 hashed user passwords, to the public internet. In October, iPRsoftware, a U.S.-based company that specializes in software that manages and disseminates company public relations and marketing, was discovered to be exposing the data along with administrative system credentials and assorted documents. Among the documents were marketing materials for client companies, as well as credentials for the company’s Google and Twitter accounts and a MongoDB hosting provider. Chris Vickery, director of cyber risk research at UpGuard, first contacted the company about the exposure in October. Despite the company’s acknowledgement of the issue, Vickery observed that over the next week, the only thing that changed was the appearance of a log file for the purpose of reviewing activity related to the open repository. When contacted weeks later by CyberScoop about the exposure, a company representative said it […]

The post Exclusive: PR software firm exposes data on nearly 500k contacts appeared first on CyberScoop.

Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach

Sens. Elizabeth Warren and Ron Wyden are asking federal regulators to investigate whether Amazon’s cloud computing unit made any mistakes that could have led to a breach at Capital One involving the data of more than 100 million people. Warren, D-Mass., and Wyden, D-Ore., want the Federal Trade Commission to probe whether Amazon Web Services failed to account for a hacking technique known as a “server side request forgery.” Capital One is one of the few major financial companies — if not the only one — to rely on AWS and its public cloud to protect its information, portraying the decision as a move to modernize its business. “Amazon knew, or should have known, that AWS was vulnerable to SSRF attacks,” the senators wrote in the letter, sent Thursday. “Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to business, government agencies and to the general […]

The post Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach appeared first on CyberScoop.

Former U.S. Army contractor sentenced to prison for destroying IT system

A federal contractor who worked on a U.S. Army IT system was sentenced to two years in prison on Friday for illegally accessing his employer’s network, stealing servers and proprietary information, and causing damage that resulted in more than $1 million in losses. Barrence Anthony, 40, worked for Federated IT, a federal contractor that provides IT services to government agencies. In this case, Federated IT provided services to the Office of the Army’s Chaplain Corps, according to an affidavit obtained by CyberScoop. Federated IT was specifically working on building and managing a SharePoint instance for the corps hosted on Amazon Web Services. According to the affidavit, Anthony accessed the AWS instance on which the corps system was located after his employment was terminated on Dec. 8, 2016. Shortly thereafter, Anthony made backup versions of the system and moved the duplicates to his own AWS account. Later that night, Anthony logged back into […]

The post Former U.S. Army contractor sentenced to prison for destroying IT system appeared first on CyberScoop.

Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson

If the alleged Capital One hacker also took information from dozens of other companies, as investigators suspect, then Amazon Web Services isn’t aware of it, according to the cloud computing giant. The company outlined its findings in a letter to Sen. Ron Wyden, D-Ore., who had sought more detail on how a reported misconfiguration in Capital One’s AWS server would have made it possible for a single individual to steal information about more than 100 million people. The letter said AWS is not aware of any breaches at other “noteworthy” customers, cautioning that there “may have been small numbers of these that haven’t been escalated to us.” This follows court filings indicating government investigators are probing whether the accused hacker, Paige Thompson, also took data from more than 30 other companies, along with Capital One. Wyden asked whether any vulnerabilities in the AWS cloud service, which serves millions of customers, contributed to the […]

The post Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson appeared first on CyberScoop.

What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. An S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles who see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank, which did not respond to CyberScoop’s request for comment, prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]
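The Capital One items above (the Warren/Wyden letter, the AWS reply to Wyden, and this assessment) all turn on a server-side request forgery combined with a misconfiguration, but none of them shows what the vulnerability class looks like in code or what an application can do about it. The following is an added example, not code from Capital One, AWS, CyberScoop or the senators’ letter. It assumes a hypothetical web application that fetches user-supplied URLs on the server side (the pattern SSRF abuses) and shows the application-side control: resolve the destination first and refuse any address that is not globally routable, which covers loopback, RFC 1918 space and the link-local range where cloud instance-metadata services are reached. The hostnames, addresses and the table-driven resolver are constructed for the example.

```python
"""Destination allow-listing for server-side fetches, as an SSRF control.

Added example, not code from any party named in the article. Assumes a
hypothetical application that fetches user-supplied URLs on the server.
The check operates on *resolved* addresses rather than on the hostname
string, so a DNS name that points at a metadata or loopback address is
rejected the same way the literal address would be.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]

# Names that must never be handed to a resolver at all.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA address the OS returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed lookup table standing in for DNS so the example runs offline.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "app.example.com": ["93.184.216.34"],
    "v6.example.com": ["2606:4700::1111"],
    # A hostname an attacker controls: one public answer, one link-local.
    "evil.example.com": ["93.184.216.34", "169.254.169.254"],
    "intranet.example.com": ["10.0.0.5"],
}


def constructed_resolver(host: str) -> List[str]:
    """Table-driven resolver for the constructed sample names above."""
    return CONSTRUCTED_DNS.get(host, [])


def _addresses_for(host: str, resolve: Resolver) -> List[IPAddress]:
    """IP literal: use it directly; otherwise resolve and parse each answer."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in resolve(host)]


def _is_global(ip: IPAddress) -> bool:
    """True only for globally routable unicast addresses.

    is_global is False for loopback (127/8, ::1), link-local (169.254/16,
    where instance-metadata endpoints live, and fe80::/10), private
    (RFC 1918, fc00::/7), multicast, reserved and unspecified addresses.
    IPv4-mapped IPv6 addresses are unwrapped so ::ffff:169.254.169.254
    is judged as 169.254.169.254.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def is_safe_destination(url: str, resolve: Resolver = system_resolver) -> bool:
    """Return True only if the URL is http(s) and every address its host
    resolves to is globally routable. Any resolution failure is unsafe."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host or host.lower() in BLOCKED_HOSTNAMES:
        return False
    try:
        addrs = _addresses_for(host, resolve)
    except (socket.gaierror, ValueError, OSError):
        return False
    # All answers must pass: a mixed public/link-local answer set is rejected.
    return bool(addrs) and all(_is_global(ip) for ip in addrs)


if __name__ == "__main__":
    for candidate in (
        "https://app.example.com/report",
        "http://169.254.169.254/latest/meta-data/",
        "http://evil.example.com/",
        "http://[::1]/",
        "file:///etc/passwd",
    ):
        verdict = "allow" if is_safe_destination(candidate, constructed_resolver) else "block"
        print(f"{verdict:5} {candidate}")
```

Two caveats a reviewer would raise. First, the check and the connection must use the same address: resolve once, validate, then connect to the validated IP (setting the Host header yourself), otherwise a DNS answer that changes between the check and the fetch (rebinding) gets past it. Second, this is the application-side control only; the provider-side hardening the letter credits to other clouds is a required custom request header on their metadata services, which a request an attacker can only aim, not shape, cannot supply.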

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.