Cloud Security news & analysis | SC Media

Cloud Security News and Analysis

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

Job seeker’s data exposed on open Ladders database

The employment website Ladders exposed almost 14 million user records when it left an Amazon Elasticsearch database unprotected. Security researcher Sanyam Jain found the open server and informed TechCrunch of the situation. After Ladders was informed of the issue the server was quickly taken down the issue is being addressed. The information that was exposed…

Password-spraying attacks abuse IMAP to break into targets’ cloud accounts

Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…

IBM updates firmware to fix flaw in cloud server’s BMC component

A vulnerability found in the Baseboard Management Controller (BMC) component of IBM Cloud’s Bare Metal Server product could allow attackers to overwrite the firmware and then leverage the compromised firmware to attack future users of the product. IBM has issued a firmware update to patch the flaw, which the company’s PSIRT team classified as low…

30 years in: My, how SC and security have changed

1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclev Havel became president of Czechoslavakia, and pro-democracy rallies held sway in China. And, SC Media was born. It was a time…

Cloud infrastructure exposed by multivector, multi-platform malware attacks prevalent, mass scale

Persistent malicious attacks exposing cloud infrastructure are the result of a perfect storm combining cryptomining, ransomware and botnet/worms for both Linux and Windows, the Securonix Threat Research Team reported. “The attack activity described in the report is likely prevalent and mass-scale,” Oleg Kolesnikov told SC Media. The research Addison, Texas-based Securonix provides further insight into…

Oklahoma Dept. of Securities server exposes millions of files

An unsecured storage server belonging to the Oklahoma Department of Securities exposed millions of files, containing personal data, systems credentials and internal commission documents as well as communications meant for the Oklahoma Securities Commission. The server, discovered by the UpGuard Data Breach Research team, has since been secured, the researchers said in a blog post.…

2019 Cybersecurity Predictions: Cloud Security

Stan Lowe, CISO, Zscaler Global governments will look to the private sector to help with securing cloud apps as they offload commodity IT applications and services. Due to skills shortages, governments don’t have the knowledge, skills and abilities to migrate data and applications and services to the cloud. As a result, governments around the world…

Phishing campaign targets finance employees with RATs downloaded from Google Cloud Storage

A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain. In a company blog post today, researchers from Menlo Security’s Menlo Labs division report that the campaign seeks to infect PCs and other endpoints by tricking victims…

Next post in Security News