I have been investigating an incident involving two EC2 instances on AWS that were infected with ransomware, cryptocurrency miners, and other types of malware. Sounds scary, right?! Well actually, the approaches that the attackers took to get onto the hosts do not appear to be that sophisticated, and this type of attack could occur in any environment, not just in the cloud. … [Read more...]
Top Cloud Security Threats
This week over 44,000 people traveled to Las Vegas to attend AWS re:Invent, Amazon’s largest conference of the year. I spoke to a crowd of close to 500 people on Monday about top cloud security threats, along with my co-presenter, Boyan Dimitrov, from Sixth who presented on compliance and security automation. A short overview follows. For more information, watch the video and … [Read more...]
Configuration Management to the Rescue: Patching and S3 Buckets
I recently wrote a two-part series of articles for Dark Reading on the technical and organizational challenges that make patching hard in large organizations like Equifax. The same types of issues factor into the recent rash of AWS S3 Bucket breaches I examined in a prior Secplicity blog post. In each of these scenarios, someone in the organization is responsible for updating a … [Read more...]
Carbon Black Data Leaks – A Good Reminder to Protect Keys
A security firm published a blog post today explaining how they compromised an endpoint security system. The vendor, Carbon Black, responded in a blog post explaining that this feature is off by default and customers receive a warning when they turn it on. Setting aside the topic of responsible disclosure for the moment, take a look at this statement in the research firm’s … [Read more...]
Hacking Door Locks and Car Locks (Or Anything Wireless)
When a wireless device of any kind sends data from one location to another, the device needs to protect the data just as if it was traveling over a wired network. Unfortunately, that is often not the case as several security researchers proved at Black Hat and Def Con. Tools exist that allowed the researchers to capture data traveling over different types of wireless protocols … [Read more...]
