In one example among dozens of known breaches, and likely thousands of similar situations that never get reported, security researcher Jeremiah Fowler discovered a non-password-protected, unsecured (sort of redundant) database containing 38.6 million records belonging to legal support services company Rapid Legal. The information left exposed included court documents, service agreements and payment information […]
AstraZeneca Learns About Cloud Security – As Should You

Apparently, AstraZeneca left credentials to an internal server on GitHub for over a year. The credentials granted access to a test Salesforce environment that contained patient data. Once TechCrunch told them about it, they made the repository private. Who found that repo, who found the credentials, […]
IBM’s security arm, X-Force, released their latest Cloud Security Threat Landscape report for Q2 2020 to Q2 2021. They said that two out of three breached cloud environments observed by them would likely have been prevented by more robust hardening of systems, such as better software security practices (called policies) and better patching. They also […]
Maybe this is the NEW AND IMPROVED NSA. From the NSA document: This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also […]