AWS LAUNCHES NEW SECURITY OFFERING WHICH MITIGATES S3 MISCONFIGURATIONS – IF CUSTOMERS GET IT RIGHT

Amazon Web Services (AWS) has announced extra steps to ensure customers’ S3 buckets don’t become misconfigured – but don’t assume responsibility has been taken away from the customer. The new service, Amazon S3 Block Public Access, can work at the account level, on individual buckets, as well as future buckets created. Users can also block existing public access, or ensure public access is not available for newly created items. The move can be seen as an extension of the ...
CLOUD COMPUTING
READ MORE

HONG KONG TO TIGHTEN CYBER SECURITY RULES AFTER BROKER HACKS

Hong Kong plans to toughen information security rules after a series of embarrassing hacks at the city's brokers, the securities regulator said on Thursday. The draft rules would likely include requirements for two-step authentication for account log-in and for brokers to notify clients when a transaction had been made, a Hong Kong Securities and Futures Commission (SFC) spokesman said....
REUTERS
READ MORE

FACEBOOK RESETTING ACCESS TOKENS FOR 90M USERS AFTER BREACH

On Sept. 28, the company publicly admitted that it was the victim of a data breach that impacted approximately 50 million user accounts. Out of an abundance of caution, Facebook is resetting the access tokens for a total of 90 million user accounts. The breach was apparently discovered in the afternoon on Sept. 25 and was quickly remediated. "Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted &...
EWEEK
READ MORE

USENIX: UNSTABLE CODE CAN LEAD TO SECURITY VULNERABILITIES

As if tracking down bugs in a complex application isn't difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn't understand, often without alerting the programmer of the missing functionality....
COMPUTERWORLD
READ MORE

INTERNET OF THINGS MUST DRIVE FRESH SECURITY APPROACHES

Granted, it’s unlikely that anyone would be sending a car an email with a malicious executable, but that doesn’t mean there aren’t threat vectors for hackers to exploit. However, because this so-called “Internet of Things” (IoT) is still in its infancy, the security community does have a chance to build in new and better approaches to security, to head off big issues at the pass....
INFOSECURITY MAGAZINE
READ MORE

ISACA LAUNCHES DIGITAL BADGES FOR CREDENTIAL VERIFICATION

ISACA is using Open Badges technology to underpin the web-based credentials, and they’re available for individuals who have earned the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and/or Certified in Risk and Information Systems Control (CRISC) certifications....
INFOSECURITY-MAGAZINE
READ MORE