An unsecured storage server belonging to the Oklahoma Department of Securities exposed millions of files, containing personal data, systems credentials and internal commission documents as well as communications meant for the Oklahoma Securities Commission. The server, discovered by the UpGuard Data Breach Research team, has since been secured, the researchers said in a blog post.…
Stan Lowe, CISO, Zscaler Global governments will look to the private sector to help with securing cloud apps as they offload commodity IT applications and services. Due to skills shortages, governments don’t have the knowledge, skills and abilities to migrate data and applications and services to the cloud. As a result, governments around the world…
A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain. In a company blog post today, researchers from Menlo Security’s Menlo Labs division report that the campaign seeks to infect PCs and other endpoints by tricking victims…
The developers of make-your-own-avatar app Boomoji reportedly neglected to password-protect two of their internet-connected databases, thus publicly exposing the personal data of roughly 5.3 million users. The wide-open databases, from Elasticsearch, stored users’ names, genders, countries and phone types all in plain text, TechCrunch reported yesterday. Moreover, the databases also contained unique user IDs, each…
IBM has entered into an agreement to acquire the open-source cloud software firm Red Hat for an estimated $34 billion. The all-cash stock deal has already gained approval from both companies board, but still must pass muster with Red Hat’s stockholders and the proper regulatory agencies. It is expected to close in the latter half…
Nearly half – 46 percent – of 37,000 Twitter users polled by Armor over a 13-week period said they’ve put sensitive data in the cloud, while 41 percent said they’d do so in the next two years. While the second annual #ArmorU poll showed that users are becoming comfortable with the security of the cloud…
Although a cloud-based architecture would offer cybersecurity benefits to federal agencies whose systems are in need of digital defense, many government entities are not yet ready to make the migration, based on the results of a new survey. Conducted by Alexandria, Va.-based MeriTalk, a public-private partnership whose mission is to improve the outcomes of government IT,…
A trio of unprotected Elasticsearch servers hosted by Amazon Web Service (AWS) left 113.5 million records of fitness tracking company FitMetrix customers exposed, according to the security researcher who discovered the databases. The company, which creates software for the likes of SoulCycle and CrossFit, was acquired in February by wellness technology vendor Mindbody, failed to…
After reports that China’s People Liberation Army (PLA) slipped microchips into Supermicro motherboards, creating a backdoor that could be used by hackers to obtain information stored on servers around the globe, both Apple and Amazon deny that their servers were affected. “On this we can be very clear: Apple has never found malicious chips, ‘hardware…
As clouds gather in the public and private sectors, the Internet of Things (IoT) – and all the devices it brings – has organized into a hurricane-sized force that challenges evolving security strategies. Earlier this year, researchers developed a Stuxnet-like malware proof-of-concept attack which they claimed could infiltrate critical infrastructure and potentially disrupt the power…
