There are an amazing number of misconfigured Amazon S3 buckets. I have no clue why. No company should be in this boat any more. Truffle Security said that a team of there security pros STUMBLED across about 4,000 of them. What was in them? Login credentials – not great. Security keys – even worse. API […]
Continue reading → [DISPLAY_ACURAX_ICONS]You know that if publications like Forbes are running pieces on preparing for ransomware attacks that things must be getting bad. The Forbes piece, written by former Deputy Undersecretary for Cybersecurity at DHS Mark Weatherford is good, but it leaves out a few things (I am guessing that Forbes gave Mark a word limit). We […]
Continue reading → [DISPLAY_ACURAX_ICONS]Companies like Microsoft, Lenovo, GE, Nintendo and many others have created publicly visible repositories on places like Github. Some of these buckets are empty and some may legitimately be intended to be public. But those that contain access credentials – userids, passwords and API keys – likely are NOT intended to be public. Some of […]
Continue reading → [DISPLAY_ACURAX_ICONS]As if ransomware wasn’t bad enough in the past. As if ransomware 2.0 didn’t make you lose sleep. If you thought that the pandemic was slowing down cyberattacks. Sorry to be the bearer of bad news. We are seeing new ransomware strains pop up at an alarming rate. In just the past couple of months […]
Continue reading → [DISPLAY_ACURAX_ICONS]Cloudflare DNS Goes Down Taking A Big Chunk of the Internet Down Good news and bad news. For companies like Shopify, League of Legends and Politico, among many others, Friday afternoon gave you a headache. You outsourced your DNS to Cloudflare and they had a burp. The good news is that because they are Cloudflare […]
Continue reading → [DISPLAY_ACURAX_ICONS]Well that is not a comforting thought. Cybernews is reporting that using an Internet of Things search engine (like Shodan, but they don’t say which), they were able to scan big swaths of the Internet. In their case they were looking for exposed IoT systems. Not just any IoT, but critical infrastructure IoT. Here is […]
Continue reading → [DISPLAY_ACURAX_ICONS]