AstraZeneca Learns About Cloud Security – As Should You Apparently, AstraZeneca left credentials to an internal server on GitHub for over a year. The credentials granted access to a test SalesForce environment that contained patient data. Once TechCrunch told them about it, they made the repository private. Who found that repo, who found the credentials, […]
Continue reading → [DISPLAY_ACURAX_ICONS]IBM’s security arm, X-Force, released their latest Cloud Security Threat Landscape report for Q2 2020 to Q2 2021. They said that two out of three breached cloud environments observed by them would likely have been prevented by more robust hardening of systems, such as better software security practices (called policies) and better patching. They also […]
Continue reading → [DISPLAY_ACURAX_ICONS]Maybe this is the NEW AND IMPROVED NSA. From the NSA document: This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also […]
Continue reading → [DISPLAY_ACURAX_ICONS]