Collaborate Disseminate
Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential… Continue reading Kubestriker: A security auditing tool for Kubernetes clusters
While spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years, security preparedness is low, with 32% saying they are doing less than … Continue reading Complexity and budgetary constraints complicate cloud security
There is an industry-wide cloud permissions gap crisis, leaving countless organizations at risk due to improper identity and access management (IAM), a CloudKnox Security report reveals. The report findings underscore the fact that attackers can levera… Continue reading Improper cloud IAM leaving organizations at risk
When it comes to mission-critical cloud applications, today’s security teams have a laundry list of different focus areas. From ensuring cloud providers deliver adequate protection and analyzing baseline activity to examining interconnected syste… Continue reading Using Salesforce? Here are 5 security and compliance considerations
A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped SOC is often no match for a simple misconfiguration error. Organizations have … Continue reading The SOC is blind to the attackable surface
In this era of increasing technological complexity, watering hole attacks build on a model of simplicity. Just like predatory animals that hover near sources of water favored by their prey, attackers systematically infect websites likely to be visited … Continue reading Cloud-native watering hole attack: Simple and potentially devastating
The Cloud Security Alliance and AlgoSec published which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, sought to gain deeper insight into the complex cloud environment that continues to emerge and… Continue reading 58% of IT and security pros concerned about security in the cloud
Hobby Lobby exposed 138GB of data to the public in an AWS bucket, including the PII of 300,000 customers.
The post Misconfiguration Leaks 138GB of Information to the Public appeared first on Sonrai Security.
The post Misconfiguration Leaks 138GB of Inf… Continue reading Misconfiguration Leaks 138GB of Information to the Public
Do you remember all the apprehension about cloud migration in the early days of cloud computing? Some of the concerns ran the full paranoia gamut from unreliability to massive overcharging for cloud services. Some concerns, such as the lack of security… Continue reading Debunking Top Cloud Misconfiguration Myths
Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure … Continue reading Cloud-Based Storage Misconfigurations – Understanding the Security Risks and Responses