Cloud Security | SC Media

Cloud Security

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…

Shadow IT: The silent cloud migration killer

As more organizations see the benefits the cloud can offer, enterprises are eager to implement cloud migration strategies. By next year, Gartner forecasts that 75 percent of organizations will take the next step and deploy a multicloud or hybrid cloud model to meet their IT needs. As with any major IT shift, there are several…

Cloud-hosting firm iNSYNQ shut down by MegaCortex ransomware

The QuickBooks cloud-hosting firm iNSYNQ is still in recovery mode after being hit with a MegaCortex ransomware attack that forced it offline last week and the company expects it to take at least several more days to get all its customers back online. Company CEO Elliot Luchansky said in a July 22 blog post that…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

A sleeping security threat: How to protect against container compromise

Container technology makes it possible to independently package and run software across computing environments, improving software development efficiency and IT operations. Recent advances make it easier than ever to use, but security can’t be overlooked. Similar to the adoption of DevOps and cloud technologies, the introduction of containers expands an organization’s attack surface.  Attackers are…

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

World Backup Day: Data loss underscores need to backup

The steady stream of reports of schools, towns and companies being hit with ransomware and having to either pay their attackers for access to the encrypted content or spend months recovering because the data involved was not backed up makes World Backup Day more important than ever. And the constant drumbeat of bad news concerning…

Next post in Security News