AWS
Securing Your AWS IAM Cross-Account Roles and Service Roles
This post was originally published here by Edward Smith. AWS Identity and Access Management (IAM) is a powerful service that helps you control access to AWS resources by enabling you to specify who and what is authenticated (signed in) and authorized (has permissions) to use those resources. Since IAM represents the “keys to the kingdom” […]
AWS Access Keys rotation can boost Cloud Security
If an application is not hosted on EC2 instance, then it needs AWS access keys to be accessed. And also all 3rd party applications hosted on EC2 instance require Keys to be accessed. In both cases, the application owner must specify a policy for AWS Access Key rotation, which can be implanted via Command Line […]
Bitglass Security Spotlight: LinkedIn, Vector, and AWS
This post was originally published here by Jacob Serpa . Here are the top cybersecurity stories of recent weeks: LinkedIn security gap exposes users’ data Vector app reveals customers’ information AWS misconfiguration makes LocalBlox user information public New malware steals data via powerlines Banking apps deemed the most unsecured LinkedIn security gap exposes users’ data LinkedIn’s […]
Enhanced security and compliance for AWS
This post was originally published here by casey pechan. Navigating the Amazon Web Services (AWS) Shared Responsibility Model can be tricky, but nonetheless it’s critical to understand what security protections AWS provides and what security additions can be sourced in the AWS Marketplace. Hint: we’re in it! Our latest white paper, enhanced security and compliance for Amazon […]
Microsoft gains Australian Signals Directorate Certification
Microsoft Corporation has proudly announced that it has gained a certification from Australian Signals Directorate(ASD) to host protected level of datasets related to government organizations in its public cloud- after just 12 months after receiving an IRAP certification. So, from now on government agencies of Australia can store all their critical data on Azure or […]
Humans Errors cause major Cloud Security Disasters
Whilst, in today’s world they are N number of sophisticated cloud security tools in play, Gartner research has confirmed that humans-both end users and IT teams are causing dicey vulnerabilities which are being exploited by hackers to cause data breaches on reputed cloud platforms such as Amazon Web Services (AWS). The research firm has confirmed […]
Saturday Security Spotlight: Cryptomining, AWS, and O365
This post was originally published here by Jacob Serpa. Here are the top cybersecurity stories of recent weeks: Malicious cryptomining the top cybercrime New details emerge on unsecured AWS buckets Data Keeper ransomware begins to spread Office 365 used in recent mass phishing attacks SgxSpectre attacking Intel SGX enclaves Malicious cryptomining the top cybercrime Since September […]
Who’s responsible for security in AWS?
This post was originally published here by carson sweet. One of the biggest questions to be answered as enterprises migrate to AWS is, who’s responsible for security? The AWS shared responsibility model for security is a must-read for security and compliance practitioners starting their AWS journey. AWS does provide quite a lot of security for their customers, […]
Amazon Web Services acquires Cybersecurity Startup Sqrrl!
Amazon Web Services has made an official announcement that it has acquired Cybersecurity startup Sqrrl that was spun out by two former top-level executives of National Security Agency(NSA). The cloud services provider also confirmed that more such deals of purchasing businesses from US Intelligence Agencies will continue in near future. In November 2017, Amazon Cloud […]
Federal data of 123M US households leaked in latest AWS Data Breach
Critical data of more than 123 million US households was leaked to the public network very recently- all due to a misconfiguration on AWS Storage Bucket. Chris Vickery, a security researcher at UpGuard, Inc was the one who alerted the world about the data breach of the cloud-based data repository and said that the leak […]
