Comments
10 Major Cloud Storage Security Slip-Ups (So Far) this Year
Newest First  |  Oldest First  |  Threaded View
ChristopherJames
50%
50%
ChristopherJames,
User Rank: Apprentice
9/18/2018 | 10:26:48 PM
Re: Fixing S3 Bucket Problems
Security slip-ups have become even more common these days with a greater number of individuals who are proficient in the field to come forward and hack vulnerable portals. They just wish to show how easy it truly is to hack into anyone's system and in turn gain public attention. Most of them do it for fame rather than for other reasons like finances or access. Security companies need to really step up their game in this modern era where internet is readily accessible by anyone.
tradichel
50%
50%
tradichel,
User Rank: Apprentice
10/16/2017 | 6:02:25 PM
Fixing S3 Bucket Problems
In order to fix S3 bucket problems, companies need to think more holistically about why they are happening. I published a related article on Secplicity explaining what it is like to manage a cloud environment with many people deploying new software all the time. Companies need to automate software deployments, inventory the software, and invest in more security controls that make it hard to deploy out of date software or configuration changes that are not following best practices and company policies.


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19333
PUBLISHED: 2018-11-17
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2018-19340
PUBLISHED: 2018-11-17
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVE-2018-19327
PUBLISHED: 2018-11-17
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19328
PUBLISHED: 2018-11-17
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19329
PUBLISHED: 2018-11-17
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.