Cloud Security This Week – February 16, 2018

Evident.io in the News
Open AWS S3 Bucket Exposes Private Info on Thousands of Fedex Customers
“There’s a whole hacker cottage industry around finding and exploiting S3 buckets, and it’s growing because as cloud environments grow, so do the number of unsecured assets that are discoverable. Hackers are going after S3 buckets and other repositories because that’s where the data is, but also because they’re easy to find.” Tim Prendergast, CEO of Evident.io

Service Mesh Amplifies Microservice Management Capabilities
“Security can be applied within and among all of this activity, because the service mesh operates on a data plane,” said John Martinez, VP of security at Evident.io. “This allows security to be managed more transparently when communications can be observed on a plane, between services.”

FedEx S3 Bucket Exposes Private Details on Thousands Worldwide
Tim Prendergast, CEO of Evident.io, comments on the prevalence of hackers who are actively searching for S3 bucket misconfigurations.

Content from Evident.io
WEBINAR: The Evolution of DevSecOps Revisited
Register for our webinar on Thursday, February 22nd, 2018 where our panel of experts will discuss relationship between DevOps and SecOps and explore whether or not it has evolved to be as harmonious as we hoped.

The Olympics and 4,000 Government Websites Got Owned
Two recent discoveries in the world of cybersecurity – from the Olympics and via cryptojacking – highlight potential trends we can expect to see more of. High profile and brash, they portend an alarming extension of hacker activity.

I Heart Security
Save your flowers and See’s Candy for your loved ones, but remember that if you love your job, your customers, and avoiding board-level meetings where you have to explain how a 15 year-old hacker planted malware into an open repository that subsequently leaked millions of customer records and cost the company billions in market cap, then let’s get on board with a concept that applies to every aspect of our lives – say it with me, brothers and sisters: I LOVE SECURITY.

Deep Security Thoughts
Bob, Dick, Pete, and God’s tears. They all play a part in help you create a more secure cloud environment. Find out in our new series, Deep Security Thoughts.

News and Perspectives on Cloud Security
‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers
A new search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the owners may have mistakenly published to the world.

Hackers Stole $50 Million in Cryptocurrency Using ‘Poison’ Google Ads
A Ukrainian hacker group dubbed Coinhoarder has stolen more than $50 million in cryptocurrency from users of Blockchain.info, one of the most popular providers of digital currency wallets, according to a report published Wednesday.

New Equifax Security Officer Faces Tough Task
Equifax announced that Jamil Farshchi will now be heading Equifax’s security team as it looks to dig itself out of a major hole after hackers took advantage of an Equifax security weakness and gained access to personal data of more than 145.5 million Americans.

IT Provider for Winter Olympics Hacked Months Before Opening Ceremony Cyberattack
Hackers armed with destructive malware appear to have compromised the main IT service provider for the Winter Olympic Games months before last week’s highly publicized cyberattack.