Cloud Security | SC Media

Cloud Security

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

World Backup Day: Data loss underscores need to backup

The steady stream of reports of schools, towns and companies being hit with ransomware and having to either pay their attackers for access to the encrypted content or spend months recovering because the data involved was not backed up makes World Backup Day more important than ever. And the constant drumbeat of bad news concerning…

Password-spraying attacks abuse IMAP to break into targets’ cloud accounts

Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…

Stolen email credentials being used to pry into cloud accounts

Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security. Proofpoint researchers found the availability of these tools has powered a massive increase in the number of cloud attacks taking place which in turn…

Improving security with micro-segmentation: Where do I start?

The irreversible movement from on-premise data centers to virtualized, hybrid-cloud infrastructures has raised a major security challenge for enterprises: how to protect mission-critical applications and workloads from threats lurking within the data center. Traditional network-based security boundaries are no longer effective in today’s dynamic, heterogeneous environments. Based on everyday news accounts, attackers are breaching perimeter…

IBM updates firmware to fix flaw in cloud server’s BMC component

A vulnerability found in the Baseboard Management Controller (BMC) component of IBM Cloud’s Bare Metal Server product could allow attackers to overwrite the firmware and then leverage the compromised firmware to attack future users of the product. IBM has issued a firmware update to patch the flaw, which the company’s PSIRT team classified as low…

Cloud-based security management

Over the past few years there has been quite a bit of conjecture around the security market and how it will continue to evolve. Security professionals have started to find their own real success against hackers comes from using the same tools and techniques as hackers to turn the tides. Mike Diehl Increasingly, security products are…

Voipo database exposed millions of call logs and personal data

Communications provider Voipo left a customer database exposed revealing tens of gigabytes worth of customer data including personally identifiable information. Independent researcher Justin Paine discovered the improperly secured ElasticSearch database belonging to the voice-over-internet provider firm which containing nearly seven million call logs, six million SMS/MMS message logs, and plaintext internal system credentials including unencrypted…

upward graph 700px

Cybersecurity trends in 2018

End of the year wrap-ups always want to name a year something, like the “Year of Ransomware” or the “Year of Artificial Intelligence,” but it would be difficult to pin 2018 to a specific threat or trend, as so many reared their ugly heads. With that noted, it is pretty simple to define the year…

Next post in Security News