I recently wrote a two-part series of articles for Dark Reading on the technical and organizational challenges that make patching hard in large organizations like Equifax. The same types of issues factor into the recent rash of AWS S3 Bucket breaches I examined in a prior Secplicity blog post. In each of these scenarios, someone in the organization is responsible for updating a … [Read more...]
S3 Bucket Security: More Than ACLs and Policies
Many companies are suffering data breaches because attackers gain access to data in AWS S3 buckets. I don’t want to repeat all the news articles outlining all the S3 data breaches. A Google search will give many examples, and it seems like by the time I write this another one will be in the news. Instead, I’d like to jump to why these S3 bucket breaches are happening and how to … [Read more...]