The maintainers of the OpenSSL library, one of the more widely deployed cryptographic libraries on the Web, have fixed a serious vulnerability that could have resulted in the revelation of 64 KB of memory to any client or server that was connected.
Browsing Category: Cloud Security
Amazon Web Services is actively searching a number of sources, including code repositories and application stores, looking for exposed credentials that could put users’ accounts and services at risk.
Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed over two dozen issues with the company’s Java Cloud Service platform.
Basecamp is back online Tuesday after the service was taken down by a distributed denial-of-service attack Monday.
Microsoft is taking a number of steps to try and reassure customers about the integrity of the company’s offerings and to greatly expand the use of encryption across its services.
A new spam campaign has been circulating over the last few weeks in hopes of duping users of the popular cloud storage service Dropbox. The e-mails purport to come from the service but instead lead those who click through to a malware landing page.
As attackers continue to target large databases of passwords and users grow wearier by the day of creating new accounts and login credentials on each site they visit, the larger Web players are positioning themselves as not just social networking or retail hubs, but also as authentication providers. The latest to join this crew is Amazon, which is rolling out a service called Login With Amazon that enables visitors to participating sites to login with their existing Amazon credentials.
Defenders are at an asymmetric disadvantage when it comes to defending their networks. Attackers spend every minute of their day focused exclusively on penetrating your network to accomplish their mission…and opportunities abound.
UPDATE – With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they’re making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.
Less than a day after Apple announced a new two-factor authentication to better protect Apple ID and iCloud accounts, the company was scrambling to fix another major security hole with its own password reset tool.