Cloud-based IAM puts authentication to the test Traditional brick-and-mortar organizations with on-premise servers are striving every day to keep pace with cloud-driven digital enterprises that are untethered by physical restraints, enabling employees to work from anywhere, accessing applications, services and mobile devices as regular parts of their flexible workdays. However, much like ducks on the…
Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…
Hackers accessed emails and file sharing systems of some customers of cloud provider PCM Inc. During a May 2019 intrusion, hackers nicked administrative credentials that the cloud vendor uses for managing customer accounts in Microsoft Office365 and appeared to want to use stolen information to perpetrate gift card fraud in a scheme that resembled a…
Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…
A common theme that runs through successful books and movies is misdirection. Are the good guys really good and the bad guys really bad? Identity is everything. In the real world, you do not want to be the good guy who finds out at the end that your colleague or business partner was actually an…
Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…
The employment website Ladders exposed almost 14 million user records when it left an Amazon Elasticsearch database unprotected. Security researcher Sanyam Jain found the open server and informed TechCrunch of the situation. After Ladders was informed of the issue the server was quickly taken down the issue is being addressed. The information that was exposed…
Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…
A vulnerability found in the Baseboard Management Controller (BMC) component of IBM Cloud’s Bare Metal Server product could allow attackers to overwrite the firmware and then leverage the compromised firmware to attack future users of the product. IBM has issued a firmware update to patch the flaw, which the company’s PSIRT team classified as low…
1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclev Havel became president of Czechoslavakia, and pro-democracy rallies held sway in China. And, SC Media was born. It was a time…
