TechCrunch reports that an unsecured Microsoft Azure cloud server at New York-based law firm Proskauer Rose left sensitive client data related to the company's merger and acquisitions business exposed for more than six months.
The exposed data set comprised a total of 184,000 files including private and privileged financial and legal documents, non-disclosure agreements, financial deals, contracts, and files associated with high-profile acquisitions, which any individual could have accessed via a web browser if they knew where to look.
GrayHatWarfare reported on the exposure through its database, and Proskauer has addressed the incident but has not yet informed its clients. A representative for Proskauer said the company had recently been made aware that "an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it," but declined to name the vendor. "Our IT security team immediately took steps to reconfigure the site and secure its data," the company said.
As companies migrate to the cloud, the industry needs a new way to manage data and network security, but security analysts warn that only the most well-heeled enterprises can afford the new zero-trust open approach Oracle touts.
Operators of the Bumblebee malware loader have launched a new campaign involving the exploitation of 4shared Web Distributed Authoring and Versioning services following a two-month hiatus, according to BleepingComputer.
Infrequently used Amazon Web Services products AWS Fargate, AWS Amplify, and Amazon SageMaker, have been targeted by the new Indonesian cloud-native cryptojacking operation AMBERSQUID for cryptomining activities, according to The Hacker News.