
How to Prevent the Next Okta-like Data Breach?
The recent Okta security incident made us think about the dangerous combination of two equally cruel to exploit vectors – the 3rd party (or supply chain) along with the identity
By 2030, the cloud computing market is reaching $1,554.94 billion. As the industry grows, the risk for identity fraud and theft also rises within an environment where the data is shared with multiple users. Thus it has become crucial to undergo a cloud audit. Cloud computing audits are becoming increasingly
As companies and organizations engage in digital and remote working practices, cloud compliance becomes more critical than before. Cloud compliance is a term given to the need of an organization and cloud computing providers to check if they comply with the laws and regulations that apply to use of the
As IAM is taking its place as the main security mechanism in the cloud, we hear about more security issues related to it. Often, they are related to incorrect use of this mechanism. Using generic permissions, too broad permissions or overly-trusting the cloud provider can leave our infrastructure and
Lessons Learned from Ubiquiti’s Latest Hack
On January 21, Ubiquiti Networks, an American technology vendor of cloud Internet of Things (IoT), disclosed that it had suffered a data breach. Ubiquiti sent out emails to its customers asking them to change their passwords and enable 2FA for their accounts. At the
Who has access to my sensitive S3 bucket? Who can create new IAM users in our account? Who can read data off of my DynamoDB? These are questions we often hear from security teams that are looking to enhance their governance and visibility into their cloud security posture. We also hear those
With the rise of cloud-native technologies, more responsibility falls in the hands of developers. Besides the application source code, developers are now writing container code, orchestrator code and also defining their infrastructure and cloud resources using infrastructure-as-code (IaC). Using the correct IaC configuration is a real challenge and leaving your
Crossing IAM worries off your (S3) bucket list
Winter is coming, so let’s talk about clouds with leaking buckets. As you may know, AWS is the market share leader in the public cloud services space, with 31% of the revenue pie (or 33% of a smaller revenue pie), and as
It’s been more than a week since the gaming and content streaming giant Twitch confirmed a data breach. Twitch, a popular streaming service used by gamers, again made the headlines as it was attacked, resulting in 125 GB of data leaking onto the 4Chan forum. The leaked data comprises sensitive user
The scan has turned up a misconfiguration in the policy that uses an “*” that is way too permissive since it allows for everything. Snyk IaC provides information about the potential risk from this configuration and general advice for how to fix the problem, and Solvo takes this further by
AWS S3 buckets have a well-earned reputation for being downright leaky. Considering how widely used this useful object storage service is for developers, it has historically been fairly easy to misconfigure their security policies. And as case after case (look at the recent Premier Diagnostics incident) has