HackDig : Dig high-quality web security articles for hacker

Viacom's Secret Cloud Keys Exposed

The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.A misconfigured Amazon Web Services (AWS) S3 bucket recently put Viacom's keys to its cloud kingdom at risk, according to UpGuard, which made the discovery. The Viacom incident is the latest AWS S3 misconfiguration issue to strike a company.The cloud
Publish At:2017-09-20 00:40 | Read:371 | Comments:0 | Tags: Cloud

Internet-Connected Toys: Cute, Cuddly and Inherently Insecure

After the FBI issued a warning on internet-connected toys in July, researchers began digging into these devices to assess their functions as they relate to cybersecurity. But before describing what one of these toys can do, it might be helpful to explain how they work at a very high level. Typical Components of Internet-Connected Toys The first component of
Publish At:2017-09-18 17:25 | Read:282 | Comments:0 | Tags:Cloud Security Mobile Security Cloud Cloud Applications Conn

Public, Hybrid Cloud Security Fears Abound

Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.The transition to the public cloud is a major concern for security leaders, but many haven't adopted the tools to address their biggest fears.Security firm Bitdefender polled 1,051 IT security pros to learn more about
Publish At:2017-09-16 22:50 | Read:291 | Comments:0 | Tags: Cloud

Green Security Technology: The New Corporate Color?

From carbon-neutral clouds to net-zero data centers to completely renewable power, green technology is rapidly becoming a viable option for global corporations hoping to both improve long-term outlooks and align operations with changing consumer sentiment. Consider current projects by companies such as Salesforce, Apple and Toyota. According to Greentech Med
Publish At:2017-09-15 15:35 | Read:308 | Comments:0 | Tags:CISO Cloud Security Cognitive Artificial Intelligence (AI) C

SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key

SEC Consult Vulnerability Lab Security Advisory < 20170914-0 >======================================================================= title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware version <=0.6.4 fixed version: Firmware version >=0.6.9 CVE number
Publish At:2017-09-14 22:30 | Read:338 | Comments:0 | Tags: Cloud

Cloud Security's Shared Responsibility Is Foggy

Security is a two-way street. The cloud provider isn't the only one that must take precautions.The slew of data leakage incidents involving Amazon Web Services this summer made for good headlines, but what should security professionals learn from them? Despite the good work by the UpGuard researchers who discovered unsecured AWS S3 buckets, it's hard to say
Publish At:2017-09-14 15:25 | Read:202 | Comments:0 | Tags: Cloud

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

Hello,Please find a text-only version below sent to security mailing lists.The complete version on analysing the security of "Pwning the Dlink850L routers and abusing the MyDlink Cloud protocol" is posted here: https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html=== text-version of the advisory without te
Publish At:2017-09-08 11:20 | Read:411 | Comments:0 | Tags: Cloud

Cloud Service Reconnaissance

Securing a Cloud deploymentThese days many organizations have migrated at least some of their IT services to a cloud environment. Cloud adaptation could be as basic as the use of Microsoft Office 365 on some workstations, or it could be much more comprehensive, such as the use of a fully integrated Azure or Amazon AWS infrastructure. One of the main re
Publish At:2017-09-08 09:35 | Read:287 | Comments:0 | Tags:Cloud Computing Cloud

How can enterprises secure encrypted traffic from cloud applications?

With many applications being utilized in a SaaS model, it's important to encrypt the traffic between end users and applications. When personal and sensitive data is transferred, processed or stored off local premises, the connections between these points need to be secured.Many large websites default to SSL/TLS, increasing the encrypted traffic on the intern
Publish At:2017-09-07 23:30 | Read:189 | Comments:0 | Tags: Cloud

The Other Side of Cloud Data Risk

By Daniel MiesslerWhat I’m writing here isn’t about whether you should be in the cloud or not. That’s a complex question, it’s highly dependent on your business, and experts could still disagree even after seeing all of the inputs.What I want to talk about is two distinct considerations when looking at the risk of moving your en
Publish At:2017-09-07 12:25 | Read:447 | Comments:0 | Tags: Cloud

IBM Experts Weigh In on the Value of an Industry-Focused Approach to Security

To more closely align with the way clients think about security, IBM Security is focused on providing an open security immune system that enables organizations to integrate and leverage the investments they have already made within their specific industry. Experts Discuss the Benefits of an Industry-Focused Security Strategy We consulted six experts from the
Publish At:2017-08-30 20:10 | Read:366 | Comments:0 | Tags:Industries Automotive Industry Cloud Cloud Security Energy a

IDaaS Providers: This Is How Cloud Identity Service Rapidly Responded to IoT and Mobile Demands

Accelerated identity and access management (IAM) is the mantra of many identity-as-a-service (IDaaS) providers, and IBM is no exception. Cloud Identity Service, a market-leading full-stack IDaaS solution, provides speedy deployment, lightning-fast onboarding of software-as-a-service (SaaS) applications, increased time to value and on-demand scalability to I
Publish At:2017-08-29 10:15 | Read:414 | Comments:0 | Tags:Cloud Security Identity & Access Cloud Cloud Identity Servic

Comparing Private and Public Cloud Threat Vectors

Many companies moving from a private cloud to a cloud service are unaware of increased threats.Because most companies that have followed relatively traditional IT strategies are now considering putting mission-critical applications and data into the public cloud, it's worth examining the differences in private versus public clouds when it comes to threats th
Publish At:2017-08-22 22:15 | Read:333 | Comments:0 | Tags: Cloud

Shrink Your Enterprise Cloud Computing Security Concerns With a Cloud Vendor Risk Management Program

According to a recent Forrester report, enterprise cloud computing adoption accelerated in 2016 and will do so again in 2017. Software-as-a-service (SaaS) remains the largest portion of the public cloud market, with global spending expected to reach $105 billion in 2017 and $155 billion by 2020. Infrastructure-as-a-service (IaaS) and platform-as-a-service (
Publish At:2017-08-22 09:30 | Read:466 | Comments:0 | Tags:Cloud Security Risk Management Cloud Cloud Adoption Cloud Co

Steal iCloud Keychain Secrets via OTR

Apple iCloud KeychainIn Mac OS 8.6, Apple introduced its Keychain password management system. Still integrated into every Mac OS release since then, Keychain provides a centralized storage for passwords, network shares, notes, certificates, credit card details and many other sensitive types of data. With the increasing popularity of both cloud applicat
Publish At:2017-08-17 18:35 | Read:357 | Comments:0 | Tags:Data Theft & Financial Fraud Cloud

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud