Cloud Security news & analysis | SC Media

Cloud Security News and Analysis

Researcher finds exposed Starbucks subdomain subject to takeover

Starbucks shuttered a subdomain that pointed to an abandoned Azure cloud resource after a security researcher in its bug bounty program discovered it was vulnerable to cross-site scripting and session hijacking. The subdomain, svcgatewayus.starbucks.com, “pointed to Microsoft Azure Cloud App [1fd05821-7501-40de-9e44-17235e7ab48b.cloudapp.net] which was no longer registered under Azure,” researcher Patrik wrote in a report on…

Breach exposes data associated with customers of Imperva’s Cloud WAF product

Cybersecurity company Imperva today disclosed a data breach that impacts certain customers of its Cloud Web Application Firewall (WAF) product who had accounts through Sept. 15, 2017. The breach exposed email addresses, hashed and salted passwords, and, for a subset of customers, API keys and customer-provided SSL certificates. In a company blog post, Imperva says…

VMware advisory warns users to patch critical issue in product

VMware to acquire Carbon Black

VMware will acquire Carbon Black, according to a definitive agreement inked by the two companies. Carbon Black stockholders will receive $26 per share cash, putting the net cash payout for VMware at $1.9 billion and representing an enterprise value of $2.1 billion, said a release from VMware, which also will acquire Pivotal Software in a…

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, modern security operations centers must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…

Automated security services essential for cloud security

Securing the cloud requires a different mindset than securing your on-prem infrastructure. Enterprise cloud operations are expanding and maturing, but as with any natural maturation, inevitable growing pains must be endured and overcome. As organizations increasingly migrate operations to cloud providers, security experts are rapidly realizing that automated cloud security services are essential to…

No ID? Get off my cloud

Cloud-based IAM puts authentication to the test. Traditional brick-and-mortar organizations with on-premise servers are striving every day to keep pace with cloud-driven digital enterprises that are untethered by physical restraints, enabling employees to work from anywhere, accessing applications, services and mobile devices as regular parts of their flexible workdays. However, much like ducks on the…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Cloud provider PCM hacked, customer info likely stolen for gift card scam

Hackers accessed emails and file sharing systems of some customers of cloud provider PCM Inc. During a May 2019 intrusion, hackers nicked administrative credentials that the cloud vendor uses for managing customer accounts in Microsoft Office365 and appeared to want to use stolen information to perpetrate gift card fraud in a scheme that resembled a…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…
