Even with cloud providers implementing defenses, glaring weaknesses remain

A new report from RedLock offers a look at the threats and vulnerabilities that continue to mount in public cloud computing environments. First of all, poor user and API access hygiene, combined with ineffective visibility and user activity monitoring, are causing organizations to be more vulnerable to breaches. For example, 73% of organizations allow the root user […]

A new search engine “BuckHacker” lets you find leaky Amazon Servers

The lives of hackers has just been made a lot easier, thanks to a tool created by anonymous hackers that allows cybercriminals to search for sensitive information stored in the cloud. The search engine called BuckHacker scans and finds leaky servers at Amazon Web Services (AWS) and reports them. AWS is a popular cloud computing platform […]

Top 5 Risks of Cloud Computing

Risk is tricky. You can take on huge amounts of it without consequence – until it’s too late. IT firms are adopting and selling cloud services with abandon. Growth is over 100% for the past five years. While the cloud brings many benefits, many IT providers are aware of the risks in cloud computing and are […]

7 Ways to Secure Cloud Storage

Figuring out a good path to security in your cloud configurations can be quite a challenge. This is complicated by the different types of cloud we deploy – public or hybrid – and the class of data and computing we assign to those cloud segments. Generally, one can create a comprehensive and compliant cloud security […]

How to ensure your IT and security teams stay aligned amid digital transformation

Even for sensitive industries, the movement to cloud-based technologies is generally accepted as a cost-effective and efficient infrastructure strategy and immediate priority. The migration to more agile products are occuring in nearly every department and physical security is no exception. New technologies make it possible for video surveillance data to shift from on-premise to the […]

New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection

Google Drive and Microsoft Office 365, both of which have built-in malware protection, failed to identify a new form of Gojdue ransomware dubbed Shurl0ckr. The zero-day ransomware evaded most major antivirus platforms: only seven percent of 67 tested tools detected it. Researchers on the Bitglass Threat Research Team discovered Shurl0ckr during a scan of malware […]

Innovative organizations build security into their cloud strategy

Businesses are increasingly evolving their security strategy to advance their cloud strategy. Based on research and interviews with industry practitioners, Hurwitz & Associates sees clear evidence that balancing velocity and security in the cloud starts with adopting new approaches to security. In the cloud, continuous integration practices shorten cycle times and improve efficiency. When confronted by the […]

How to Utilize the Cloud to Mitigate Cybersecurity Risks to Security Hardware

Today, cybersecurity is on all our minds. Every other day, we get news of another cyberattack. As more organizations struggle to keep up with the onslaught of these new threats, many are asking: “What can we do to strengthen our cybersecurity posture?” Because even security systems, networks, and their configurations can be susceptible to potential […]

Cloud security configuration errors put data at risk; new tools can help

Last fall, a security researcher discovered four Amazon S3 storage buckets with highly sensitive data such as client credentials and a backup database containing 40,000 passwords. Accenture had accidentally set the buckets to allow public access, and all the information was fully exposed. The researcher notified Accenture, and Accenture locked down the data. Accenture wasn’t alone. Other […]

Cloud computing: Now as vital as power, transport and fresh water?

Under the European Union’s Network and Information Systems (NIS) directive, businesses that provide essential services will have to make sure their security is good enough to protect their network and information systems from attack, as well as having to notify the relevant authorities of serious incidents. The regulations apply to critical national infrastructure — those […]