Cloud Security | SC Media

Cloud Security

Breach exposes data associated with customers of Imperva’s Cloud WAF product

Cybersecurity company Imperva today disclosed a data breach that impacts certain customers of its Cloud Web Application Firewall (WAF) product who had accounts through Sept. 15, 2017. The breach exposed email addresses, hashed and salted passwords, and, for a subset of customers, API keys and customer-provided SSL certificates. In a company blog post, Imperva says…

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…

Shadow IT: The silent cloud migration killer

As more organizations see the benefits the cloud can offer, enterprises are eager to implement cloud migration strategies. By next year, Gartner forecasts that 75 percent of organizations will take the next step and deploy a multicloud or hybrid cloud model to meet their IT needs. As with any major IT shift, there are several…

Cloud-hosting firm iNSYNQ shut down by MegaCortex ransomware

The QuickBooks cloud-hosting firm iNSYNQ is still in recovery mode after being hit with a MegaCortex ransomware attack that forced it offline last week and the company expects it to take at least several more days to get all its customers back online. Company CEO Elliot Luchansky said in a July 22 blog post that…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

Next post in SC Security Ops Center