Cloud Security news & analysis | SC Media Cloud Security

Cloud Security News and Analysis

Cornerstone Payment Systems leaves database open, exposes 6.7M records

Cornerstone Payment Systems, which processes payments for pro-life groups, churches, ministries and other organizations with a similar Christian bent, left a database unprotected, exposing 6.7 million records from 2013 until the present. Information housed by the database included names, email addresses and physical addresses as well as card and merchant information, expiration dates and the…

Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data

A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday. The exposed bucket, which was found on Christmas Eve and closed by Jan. 14, contained more than 85,000 files. These included…

OAuth vulnerability threatens Azure accounts

There is a vulnerability in specific Microsoft OAuth 2.0 applications that could let an attacker gain access to and control of a victim’s Azure account. The flaw was found by Cyberark researchers who noticed that many white-listed OAuth applications, at least 54, automatically trust domains and sub-domains that are not registered by Microsoft so anyone can…

It’s privacy vs. innovation as Google collects data on 50 million medical patients

Google and health care provider organization Ascension have publicly confirmed a recent report that the two companies have embarked on a massive initiative to aggregate the data of roughly 50 million patients and store it on the cloud. The companies say it will improve patient care and administration, but the strategy has also sparked concern…

Open AWS buckets expose more than 200K CVs at two online recruitment firms

Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates. Authentic Jobs, used by the likes of the New York Times and EY, took the biggest hit with 221,130 CVs exposed to the public, according to…

Researcher finds exposed Starbucks subdomain subject to takeover

Starbucks shuttered a subdomain that pointed to an abandoned Azure cloud resource after a security researcher in its bug bounty program discovered it was vulnerable to cross-site scripting and session hijacking. The subdomain, svcgatewayus.starbucks.com, “pointed to Microsoft Azure Cloud App [1fd05821-7501-40de-9e44-17235e7ab48b.cloudapp.net] which was no longer registered under Azure,” researcher Patrik wrote in a report on…

Breach exposes data associated with customers of Imperva’s Cloud WAF product

Cybersecurity company Imperva today disclosed a data breach that impacts certain customers of its Cloud Web Application Firewall (WAF) product who had accounts through Sept. 15, 2017. The breach exposed email addresses, hashed and salted passwords, and, for a subset of customers, API keys and customer-provided SSL certificates. In a company blog post, Imperva says…

VMware advisory warns users to patch critical issue in product

VMware to acquire Carbon Black

VMware will acquire Carbon Black, according to a definitive agreement inked by the two companies. Carbon Black stockholders will receive $26 per share cash, putting the net cash payout for VMware at $1.9 billion and representing an enterprise value of $2.1 billion, said a release from VMware, which also will acquire Pivotal Software in a…

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s security operations centers must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…
