AWS Archives - Securezoo

Denonia malware targets AWS Lambda

Cloud Security, Cybersecurity Attacks, Malware / By Frank Crast / April 8, 2022 / AWS, Cado Labs, Cryptocurrency, Cryptomining, Denonia, Lambda, XMRig

A first of its kind malware dubbed Denonia has been targeting Amazon Web Services (AWS) Lambda, an event-driven, serverless computing platform.

Guidelines for securing Content Management Systems

Application Security, Configuration Management, Cybersecurity Articles, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / March 5, 2020 / ACSC, AWS, CMS, Drupal, Joomla, Web application, WooCommerce, WordPress

The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.

Microsoft introduces Application Inspector

Application Security, Cybersecurity Articles / By Frank Crast / January 21, 2020 / API, Application, Application Inspector, AppSec, AWS, Azure, Cloud, Cryptography, Microsoft, Open Source, SDLC

Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.

Top 3 AWS security configuration mistakes

Cloud Security, Cybersecurity Articles, Server Security, System Hardening / By Frank Crast / September 21, 2019 / Amazon, AWS, botnet, Cloud, DevOps, GoldBrute, GoScanSSH, Palo Alto Networks, Port 22, Port 3389

Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.

Serious open-source container vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 12, 2019 / AWS, Container, CVE-2019-5736, Docker, Openwall, Red Hat

A serious vulnerability in runc open-source container management has been discovered and patched. runc is used by most of the underlying container engines and runtime, such as Docker, cri-o, containerd, and Kubernetes.

FreeRTOS vulnerabilities patched

Leave a Comment / Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 23, 2018 / Amazon, AWS, FreeRTOS, Vulnerabilities, ZLabs

Multiple serious vulnerabilities have been discovered within FreeRTOS, a real-time operating system kernel used in large number of internet-connected devices.

AWS S3 error exposes data on 31K GoDaddy servers

Cloud Security, Configuration Management, Identity & Access Management / By Frank Crast / August 10, 2018 / Amazon, AWS, Cloud, configuration management, GoDaddy, S3, server

Cybersecurity firm UpGuard has discovered an error in Amazon AWS bucket configuration that led to the exposure of internal GoDaddy infrastructure data.

Massive Breach at Uber covered up

Leave a Comment / Data Breach, Data Privacy / By Frank Crast / November 22, 2017 / AWS, Data Breach, GitHub, Uber

Uber suffered a massive data breach in October 2016 and paid hackers $100,000 to keep quiet about it and delete the data. The breach resulted in the loss of sensitive personal information on nearly 50 million Uber users and 7 million Uber drivers. According to the current CEO Dara Khosrowshahi, the personal data included drivers licenses …

Massive Breach at Uber covered up Read More »

S3 Buckets exposed

Leave a Comment / Cloud Security, Data Breach / By Frank Crast / November 20, 2017 / Amazon, AWS, centcom, Cloud

Three misconfigured AWS S3 buckets exposed US military archives of an astounding size.

6 Important Safeguards To Stop Insider Threats

Cybersecurity Articles, Insider Threats / By Frank Crast / November 2, 2017 / AWS, Cloud, DLP, Eric Snowden, Insider Threat, NSA, Security Policy, Verizon

Insider threats can be malicious or inadvertant, but the consequences can lead to costly brand damage or significant financial losses to your company. Understanding the types of insider threats and corresponding risk indicators can help minimize impact and damage caused by such threats.