The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Cloud security

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

September 20, 2017Wang Wei
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server. A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties. These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon. Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiarie
Hands-On Review: Converged Networking and Security with Cato Networks

Hands-On Review: Converged Networking and Security with Cato Networks

May 08, 2017Mohit Kumar
Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or urgently patch a vulnerability – you know what I am talking about. All of these issues have been with us basically forever. Recently, the list of complex tasks extended to getting cloud infrastructure connected to the rest of the network, and secure access for mobile users. There seems to be a change coming to this key part of IT, a silver lining if you will. We decided to take a look at one solution to this problem – the Cato Cloud from Cato Networks. Founded in 2015, Cato Networks provides a software-defined and cloud-based secure enterprise network that connects all locations, people and data to the Cato Cloud – a single, global, and secure network. Cato promises to simplify netwo
Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

May 14, 2015Swati Khandelwal
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrific name than HeartBleed , it is not going to cause as much danger as HeartBleed did. Dubbed VENOM , stands for Virtualized Environment Neglected Operations Manipulation , is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory. Yes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year’s HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information. Now let’s know more about Ven
U.S. based Cloud Hosting providers contribute 44% of Malware distribution

U.S. based Cloud Hosting providers contribute 44% of Malware distribution

January 20, 2014Anonymous
U.S. has the top Security Agencies like NSA, FBI to tackle cyber crime and terrorism with their high profile surveillance technologies, but even after that U.S is proudly hosting 44% of the entire cloud based malware distribution. With the enhancement in Internet technology, Cloud computing has shown the possibility of existence and now has become an essential gradient for any Internet Identity. Cloud services are designed in such a way that it is easy to maintain, use, configure and can be scaled depending upon the requirement of the service being provided using the CLOUD technology with cost effective manner. Due to the Easy and Cost effective alternative of traditional computing, Malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to Internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider. Hiding behind trusted domains and names is not something new. According to recently
Chinese search engine Baidu launches free Antivirus Suite

Chinese search engine Baidu launches free Antivirus Suite

March 05, 2013Mohit Kumar
Chinese search engine Baidu has just launched a security product called Baidu Antivirus 2013 . Described as a ultra light weight, easy to use, extremely fast anti-virus program that promises to protect your system from malware, viruses, spyware, adware and other malicious programs. Most interesting thing is that Baidu Antivirus comes only in English. Back in January, Baidu launched Baidu PC Faster, a software suite designed to fix speed and performance issues. The program combines the Baidu Antivirus Engine and Baidu Cloud Security Engine with the Avira Antivirus engine to provide you with complete protection against all online threats. " Baidu Antivirus offers an easy to use interface with several advanced configuration options as well as quarantine of infected files. It also has an extremely small memory footprint, so you can actually do other things while it is running on your computer. Other features include automatic updates, Host Intrusion Prevention System (HIPS), scan r
The Top Six Ways You Will Benefit From Event Log Monitoring

The Top Six Ways You Will Benefit From Event Log Monitoring

February 12, 2013Mohit Kumar
Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they happen. Proactive log management can help an admin get into a proactive mode You know that event log monitoring is important, since all your systems and key applications log data. But since no two systems log to the same place, or in the same format, it’s almost impossible to get ahead of the logging and actually pay attention to what is being logged. That’s where event log monitoring comes into play; here’s why: Aggregate your logs in a central location:  With logs spread across dozens or even hundreds of systems, there’s no way you can manage them where they are. Event log monitoring applications can gather up all your logs in a central location, making them easy to analyze, store, and m
Incapsula innovative DDoS Protection techniques

Incapsula innovative DDoS Protection techniques

November 22, 2012Mohit Kumar
Several weeks ago we reviewed Incapsula , a Cloud-based Security service which can significantly enhance the security of your website, while also boosting its performance. Following this review we’ve received many responses from our readers who wanted to learn more about Incapsula protection services. Specifically, we were asked to explain more about Incapsula Enterprise plan features. To answer these questions, today we are going to take a look at Incapsula DDoS Protection services. Distributed Denial of Service attacks If your business has a web presence, chances are that you’ve already heard about Distributed Denial of Service attacks. In case you didn’t, a Distributed Denial of Service (DDoS) attack is a DoS attack that is usually carried out by a “botnet”, a network of computers acting in concert to overwhelm the server by depleting all available resources. Recently we all witnessed a large DDos attacks on U.S. banks by Muslim hacker group , an attack which crippled th
Incapsula - Essential Cloud based Security Solution for your Website

Incapsula - Essential Cloud based Security Solution for your Website

October 16, 2012Mohit Kumar
Over 2011-2012 we've seen an increase in distributed denial-of-service (DDoS) attacks and other web attacks on SME's websites. Incapsula is one of the companies whose service is useful to protect your website from all threats and mitigate DDoS attacks which affect your websites, servers, databases, and other essential infrastructure. Incapsula is a cloud-based website security and performance service, including a PCI-certified cloud web application firewall and a content delivery network (CDN) for small and medium-sized businesses. We at ' The Hacker News ' got the chance to review the service using an Enterprise plan account. Really it takes I think 1-2 minutes to join the service and add this extra layer of virtual shield around your Website. You have to make a simple DNS settings change in your domain panel. Your site traffic is then routed through Incapsula’s global network of high-powered servers. Incoming traffic is analyzed and a security layer is a
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.