Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets. “Due to a misconfiguration in the S3 bucket that was hosting the library, a bad actor was able to inject code that made the…
Most companies suffered a cloud data breach in the past 18 months
Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals. According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity…
41% of organizations have not taken any steps to expand secure access for the remote workforce
Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access…
Passwords still widely used, despite known weaknesses
Nearly a third (29%) of organizations in Europe and the Middle East still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, two years after the inventor of the complex static password admitted they don’t work, according to Thales. In fact, 67% of respondents indicate that…
SaaS security fears: Is your data exposed to potential risk?
IT executives have rising SaaS security fears, and worry about cloud security, proprietary data encryption, as well as the loss of independent control due to access limitations, according to Archive360. SaaS security fears The research surveyed more than 100 enterprise IT executives worldwide, to identify the leading security challenges they face with their SaaS vendors….
78% of people forgot a password in the past 90 days
Passwords are the dominant way online services manage access to our personal and work-related lives. But often times, they’re more of a headache than a security tool. HYPR released the findings of a two and a half year Password Usage Study, which compiled data from over 500 full-time workers across the United States and Canada…
Do third-party users follow security best practices and policies?
Many organizations across the globe fall short of effectively managing access for third-party users, exposing them to significant vulnerabilities, breaches and other security risks, One Identity reveals. Most organizations grant third-party users access to their network Based on a Dimensional Research-conducted survey of more than 1,000 IT security professionals, the research evaluates organizations’ approaches to…
Do cloud apps make you a target for cyber attacks?
Almost half (49%) of businesses believe cloud apps make them a target for cyber attacks, a Thales research reveals. Surveying 1,050 IT decision makers globally, Thales’ 2019 Access Management Index revealed that cloud applications (49%) are listed in the top three reasons an organization might be attacked, just behind unprotected infrastructure such as IoT devices…
Identifying Named Pipe Impersonation and Other Malicious Privilege Escalation Techniques
Privilege escalation is one of the key components of any attack that involves penetrating a system. If threat actors have limited access due to a current user’s privilege levels, they will naturally aim to escalate their privileges before expanding the scope of the attack. How can security professionals detect malicious escalation techniques before adversaries get…
IP Theft: How Often Does Your IP Walk Out the Door?
It happens — employees leave. Sometimes they find growth opportunities and are encouraged, even cheered, by their employers to go for it. Other times, they are let go due to downsizing or performance issues, recruited by rivals or otherwise lured to greener pastures. In all scenarios, the employer’s intellectual property (IP) is at risk. Revenge,…