Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with [...]
Your 2021 Cloud Security Recommendations (Assuming 2020 Ever Ends) 2020. So THAT just happened. When it comes to cloud security, 2020 was like pouring rocket fuel onto a gasoline fire; our three year plans turned [...]
ALERT to FIX in a MINUTE As Rich and I have been talking about for years, the ability to move to automated cloud security operations remains one of the most compelling opportunities for improving security in [...]
DisruptOps Welcomes Security Executive Matt Eberhart as COO The cloud security automation platform player strengthens the executive team as growth accelerates. KANSAS CITY, Aug. 1, 2020 -- DisruptOps, a cloud detection and response platform, today announced the addition of [...]
ElectricEye v2.0 We are thrilled to share the news that version 2.0 of ElectricEye has been published. You can check it out here: https://github.com/jonrau1/ElectricEye Over the past couple of months, DisruptOps has been contributing to ElectricEye, an open source project [...]
Advanced Techniques for Defending AWS ExternalIDs and Cross-Account AssumeRole Access Last month Kesten Broughton at Praetorian Security released some great research on third party cloud security products using Amazon’s preferred cross-account connection technique - AWS IAM Assume Role Vulnerabilities [...]
AWS Security Management with SecurityHub Security has been a top concern with cloud adoption since its inception and as a result, security has been a top concern of cloud vendors as well. To help customers meet the security challenges of [...]
Easy Does It — Understanding Object Storage Public Data Exposure One thing I’d like to avoid in narrating this journey through common Cloud Attack Killchains is the implication that cloud platform providers are doing an inherently bad job. The [...]
Hitting PaaS on Inadvertent Cloud Database Exposure As we hit the third installment in our Top 10 Cloud Attack Killchains series you’re probably starting to notice that none of these attacks take a rocket scientist to pull off. If you’ve read the [...]
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.