Cloud Security News, Articles and Updates

GoDaddy configuration info exposed on open S3 bucket created by Amazon employee

GoDaddy with its 17.5 million customers and 76 million domain names, "is a critical part of internet infrastructure, and their cloud utilization operates at one of the largest scales in existence," UpGuard researchers said.

Salesforce API error left data accessible

The error presents the potential for data exposure and compliance failures, depending on what data was exposed,

Open AWS S3 bucket at political robocall firm exposes 2,600 files

The files included names, phone numbers, addresses, political affiliation, birth years, gender, jurisdiction and demographics based on ethnicity, education and language.

Survey finds a lack of concern among non-IT execs over cybersecurity

A recent survey published by cloud-based controls provider ERP Maestro found a major disconnect between IT security workers and other corporate executives.

Wide open Apache Airflow server at Universal Music Group contractor exposes FTP, SQL, AWS credentials

Researchers at the Kromtech Security Center, who discovered the unprotected server, said that because Airflow is wide open by default, organizations need to take steps to safeguard servers.

TeenSafe app exposes data on more than 10K accounts

Anyone who ran across the exposed server could access Apple IDs, user ID and passwords stored in plaintext.

GDPR: It's (just about) here

Like many college students who cram the night before a test - and some writers who test the limits of their editors' patience with their procrastination - many companies have pushed off GDPR compliance, believing either it doesn't apply to them, it's too costly or overwhelming or they can afford to wait and see just how serious regulators are about admonishing and fining companies who falter on privacy. Big mistake.

Fitbit teams up with Google

Fitbit and Google have inked a deal that will have the fitness device vendor upload data to Google's Cloud Healthcare API to it can be made accessible by healthcare providers.

SCOTUS dropped Microsoft case citing passage of CLOUD Act, but questions remain

The federal government and Microsoft have clashed for years after the U.S. asked for access to the emails belonging to one individual linked to a narcotics investigation back in December 2013 and stored on a server in Ireland.

Microsoft adds ransomware protection, recovery tools to Office 365

Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware.

5 Questions to ask cloud services providers about security

Ask prospective cloud servers these five questions germane to security.

Multiple vulnerabilities including remote execution spotted in WDMyCloud products

A GulfTech researcher spotted multiple vulnerabilities In Western Digital's MyCloud products, some of which could lead to remote code execution and unauthorized access.

Cloud-based docs the new frontier for phishing attacks

Ever on the lookout for a new avenue of attack, cybercriminals had figured out a method of using Google App Scripts to automatically download malware hosted in Google drive to any computer.

The professional cybersecurity groups

As cybersecurity has grown in importance within organizations, professional development has become a greater priority. These groups stand out as they educate and elucidate.

National Credit Federation unsecured AWS S3 bucket leaks credit, personal data

The exposed data -- a whopping 111 GB worth - allegedly affects tens of thousands of consumers.

McAfee inks deal to acquire Skyhigh Networks

McAfee has agreed to acquire Skyhigh Networks in move that McAfee believes will help boost its presence in the cloud access security broker market.

Unsecured AWS server exposed classified military intel

UpGuard Director of Cyber Risk Research Chris Vickery came across an Amazon Web Services S3 cloud storage bucket within the AWS "inscom" subdomain, and set to public, on September 27.

Amazon Web Services launches hosting service for Secret-level government documents

Amazon Web Services has launched a new cloud-based hosting service that can accommodate government intelligence, files and work product classified as Secret or below.

Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation

As misconfigured Amazon servers continue to leak sensitive data, Australian Broadcasting Corporation (ABC) is the latest culprit of administrators not properly securing their cloud servers.

Office 365 joke: KnockKnock, Who's there? Botnet malware

Microsoft's already battered Office 365 is once again being targeted, this time by KnockKnock, a botnet attack designed to specifically victimize the office productivity software suite.

Top 10 Security Challenges for 2017

The first half of 2017 has not exactly been a ride in the park for cybersecurity professionals.

Millions of Dow Jones customer records exposed due an internal error

A misconfigured database on an Amazon S3 server may have exposed the data of between two and four million Dow Jones & Co. customers, a report on the incident stated.

Data breach at Oklahoma U impacts 30K students

Lax privacy settings in a campus file-sharing network led to an unintentional exposure of the educational records of thousands of students at the University of Oklahoma.