author photo
By SecureWorld News Team
Mon | Nov 6, 2017 | 7:37 AM PST

Cloud security--and who owns the risk--was part of an Advisory Council roundtable last week at SecureWorld Denver.

And the consensus is that all sides own a slice of the risk.

Amazon Web Services, for example, operates under a shared responsibility model. AWS is responsible for the security of the cloud infrastructure. The client is responsible for properly configuring each server in the cloud that it uses.

And that's where companies are running into trouble. Mis-configured servers in the cloud have left sensitive information open and exposed. That was the case with Accenture's exposed cloud database in the fall of 2017. There have been almost weekly examples of issues like this

New Vulnerability called 'GhostWriter'

Now, researchers at SkyHigh networks have discovered a new kind of AWS S3 bucket vulnerability that can lead to a man-in-the-middle (MITM) attack because some S3 buckets are configured to allow public writes.

"Bucket owners who store Javascript or other code should pay particular attention to this issue to ensure that 3rd parties don’t silently overwrite their code for drive-by attacks, bit-coin mining or other exploits. Even benign image or document content left open for overwriting can be exploited for steganography attacks or malware distribution," says Chief Scientist Sekhar Sarukkai.

Comments