Category Archives: Cloud Security

You are here:

Home
Category "Cloud Security"

Microsoft Addresses 111 Bugs for May Patch Tuesday

Cloud Security, elevation of privilege, EoP, IoT, may 2020, Microsoft, patch tuesday, RCE, remote code execution, Security Vulnerabilities, Sharepoint, Vulnerabilities, Web SecurityBy Jeremy McClure May 12, 2020

Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs. Microsoft Addresses 111 Bugs for May Patch Tuesday

Is ‘Sign in with Apple’ Marketing Spin or Privacy Magic? Experts Weigh In

App Store, Cloud Security, data harvesting, Data sharing, Developers, Facebook, how it works, log in with facebook, mandatory, Mobile Security, oauth, Privacy, required, sign in with apple, User dataBy Jeremy McClure June 4, 2019

The login scheme promises it won’t share data — and will be required for all developers using third-party sign-ins. Is ‘Sign in with Apple’ Marketing Spin or Privacy Magic? Experts Weigh In

Smart-TV Bug Allows Rogue Broadcasts

Bug, Cloud Security, CVE-2019-12477, Dhiraj Mishra, emergency messages, Hacks, hijacking, IoT, rogue broadcast content, supra smart tv, Vulnerabilities, vulnerabilityBy Jeremy McClure June 3, 2019

An attacker could gain remote access by chaining together an exploit for home routers with the TV flaw. Smart-TV Bug Allows Rogue Broadcasts

Passwords: Here to Stay, Despite Smart Alternatives?

alternatives, Authentication, Biometrics, breach, Cloud Security, Cryptography, fido, IoT, Password, password killer, passwords in use, Privacy, Troy Hunt, Web Security, webauthnBy Jeremy McClure November 5, 2018

“Password-killing” authentication efforts may be on a road to nowhere. Passwords: Here to Stay, Despite Smart Alternatives?

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

Cisco, Cloud Security, Denial of Service, Internet of things, IoT, remote code execution, Talos, video feed interception, Vulnerabilities, yi cameraBy Jeremy McClure November 1, 2018

Five of them allow remote compromise of the IoT gadgets, so attackers can intercept video feeds and more. Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

FitMetrix Exposes Millions of Customer Details, Accessed by Criminals

breach, Cloud Security, cloud storage, criminal access, data breach, Elasticsearch, fitmetrix, gym customers, misconfiguration, open server, personal information, Privacy, public access, Web SecurityBy Jeremy McClure October 11, 2018

Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks. FitMetrix Exposes Millions of Customer Details, Accessed by Criminals

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

auto login, automatic sign in, Browser, chrome, Cloud Security, data harvesting, Facebook, Google, Matthew Green, Privacy, sync feature, Web SecurityBy Jeremy McClure September 24, 2018

Chrome users are now automatically signed into the browser if they’re signed into any other Google service, such as Gmail. Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

ThreatList: Supply-Chain Defenses Need Improvement

Cloud Security, cost of an attack, Critical Infrastructure, crowdstrike survey, Hacks, Most Recent ThreatLists, remediation, supply chain attacks, vettingBy Jeremy McClure July 23, 2018

Few organizations are prepared to mitigate supply-chain risks, despite a majority of them acknowledging they are a huge cyber threat. ThreatList: Supply-Chain Defenses Need Improvement

Timehop Breach Impacts Personal Data of 21 Million Users

access tokens, cloud computing breach, Cloud Security, data breach, Facebook, Facebook Privacy, Hacks, Mobile Security, multi-factor authentication, personal data, social media, TimehopBy Jeremy McClure July 9, 2018

A massive breach has impacted up to 21 million users’ personal data and their social media “access tokens.” Timehop Breach Impacts Personal Data of 21 Million Users

Keeping False Positives in Check

Cloud Security, False Positives, IoT, Meltdown, Security information and event management, SIEM, Spectre, WannaCryBy Jeremy McClure July 6, 2018

InfoSec Insider Justin Jett shares his opinions on how to avoid false positive security threat fatigue before sets in and companies drop their guard. Keeping False Positives in Check