Cloud Security - Securezoo Blog

Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Post Author:Frank Crast
Post published:March 16, 2020
Post Category:Cloud Security / Identity & Access Management

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.

NSA: Guidance to mitigate cloud vulnerabilities

Post Author:Frank Crast
Post published:February 10, 2020
Post Category:Cloud Security / Configuration Management / Cybersecurity Articles / Third-Party Security

The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.

Zoom patches vulnerability that could allow eavesdropping

Post Author:Frank Crast
Post published:January 28, 2020
Post Category:Cloud Security / Messaging Security / Password Management / Security Updates & Patches / Uncategorized / Vulnerabilities & Exploits

Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company's online meetings.

Adobe Creative Cloud database exposed over 7 million user records

Post Author:Frank Crast
Post published:October 29, 2019
Post Category:Cloud Security / Configuration Management / Data Breach / Password Management

Security researchers discovered an unsecured Adobe Creative Cloud Elasticsearch database that exposed nearly 7.5 million user records.

Top 3 AWS security configuration mistakes

Post Author:Frank Crast
Post published:September 21, 2019
Post Category:Cloud Security / Cybersecurity Articles / Server Security / System Hardening

Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.

Office 365 third-party risks and configuration guidance

Post Author:Frank Crast
Post published:May 21, 2019
Post Category:Cloud Security / Configuration Management / Cybersecurity Articles / Third-Party Security / Vulnerabilities & Exploits

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.

Crypto miners exploit vulnerable Docker hosts

Post Author:Frank Crast
Post published:March 5, 2019
Post Category:Application Security / Cloud Security / Vulnerabilities & Exploits

Security researchers from Imperva have found thousands of Docker hosts exposed to a new vulnerability and exposed remote Docker API. The new research describes the threat along with sample scripts and what can be done about it.

Online casino data leak exposes 108 million bets, personal data

Post Author:Frank Crast
Post published:January 21, 2019
Post Category:Cloud Security / Data Breach / Data Privacy

A massive data leak from an ElasticSearch server has exposed information on over 108 million bets, as well as personal information, deposits and withdrawals. The server was not configured with any password or authentication required to protect the data.

Nearly 800M email records exposed in massive data breach

Post Author:Frank Crast
Post published:January 17, 2019
Post Category:Cloud Security / Data Breach / Password Management

A massive data breach dubbed "Collection #1" exposed nearly 800 million email addresses and millions of passwords. Security expert Troy Hunt was alerted of the leaked data made available for free download from popular MEGA cloud storage service. The data consisted of over 12,000 separate files and more than 87GB of data.

AWS S3 error exposes data on 31K GoDaddy servers

Post Author:Frank Crast
Post published:August 10, 2018
Post Category:Cloud Security / Configuration Management / Identity & Access Management

Cybersecurity firm UpGuard has discovered an error in Amazon AWS bucket configuration that led to the exposure of internal GoDaddy infrastructure data.