Jun.18

22K Open, Vulnerable Containers Found Exposed on the Net

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud.
According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the use of non-secure protocols. As a result, attackers can remotely access the infrastructure to install, remove or encrypt any application that the company is running in the cloud. Read More

Uncategorized,Security & Privacy,Cloud Security

Jun.18

IngressFS – June 2018 Results

589 Agents from 27 cities in 16 countries earned 79 million AP, gained 57 levels and walked 2,250 km during June’s First Saturday events around the world.
This month, the Enlightened had the most KM walked (+44) and most KM per agent (+0.19). The Resistance had the most agents (+3), most levels gained (+3), most AP earned (+2.3m) and most AP per agent (+6.6k). Read More

Niantic & Ingress

Jun.13

Malicious Docker Containers Earn Cryptomining Criminals $90K

UPDATE
Seventeen malicious Docker containers earned cryptomining criminals $90,000 in 30 days in what could be a harbinger of things to come.

The figure may seem tame compared to some of the larger paydays that cryptojackers have earned. But, researchers at Kromtech Security Center warn containers are shaping up to be the next ripe target for these types of criminals. Read More

Uncategorized,Security & Privacy,Cloud Security

Jun.11

Jun.07

CloudPets May Be Out of Business, But Security Concerns Remain

More than a year after CloudPets connected teddy bears were found to have exposed 2.2 million voice recordings between parents and their children in a significant data breach, Amazon, Target and Walmart have pulled the toys from their online markets. But it’s the installed base of the connected cuddlies that should be of greater concern. Read More

Uncategorized,Security & Privacy,Cloud Security

Jun.07

Jun.05

DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers

Account data tied to 92 million users of the genealogy and DNA testing service MyHeritage were found on a third-party “private” server in a breach that exposed usernames and passwords of customers.
The breach is the largest since last year’s Equifax leak[1] of 147.9 million pieces of private data ranging from Social Security numbers, birth dates, addresses and some driver’s license numbers. Read More

Uncategorized,Security & Privacy,Cloud Security

Jun.05

Jun.01

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Thousands of organizations out there are leaking some form of sensitive email, according to an analysis, thanks to a widespread misconfiguration in Google Groups.
According to Kenna Security, the afflicted include Fortune 500 companies, hospitals, universities and colleges, newspapers and television stations and U.S. government agencies. Out of just one sample of 9,600 organizations with public Google Groups settings (out of 2.5 million examined domains), the Kenna team found that 31 percent of them (about 3,000) are exposing data. That means that the global footprint of affected organizations could total tens of thousands. Read More

Uncategorized,Security & Privacy,Cloud Security

Jun.01