Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration

Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them. [TechWeb]( Follow Dark Reading: [RSS]( October 21, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration]( Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them. [8 Trends Driving Cybersecurity in the Public Sector]( CISOs and security leaders in state and local governments are dealing with increasing threats like ransomware — with varying degrees of cyber maturity. [Name That Toon: Witching Hour]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Are You a CISO Building Your Risk Register for 2023? Read This First]( Achieving basic IT hygiene is 99% of the game. ['FurBall' Spyware Being Used Against Iranian Citizens]( New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report. [Brazilian Police Nab Suspected Member of Lapsus$ Group]( Lapsus$ Group became a top target after it breached the Brazilian Ministry of Health, among other targets. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams]( Why — and how — companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials. [Cyberattackers Spoof Google Translate in Unique Phishing Tactic]( The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials. [SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain]( We need more than the incomplete snapshot SBOMs provide to have real impact. [MORE]( EDITORS' CHOICE [Apache Commons Vulnerability: Patch but Don't Panic]( Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen. LATEST FROM THE EDGE [The Insecurities of Cybersecurity Success]( Becoming a big wheel doesn't have to cost your happiness, but grind culture makes that likely. LATEST FROM DR TECHNOLOGY [Hardware Makers Standardize Server Chip Security With Caliptra]( The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD. WEBINARS - [Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker]( Enterprises are increasingly discovering that the best way to expose vulnerabilities in their defenses is to think like an attacker. Penetration testing, red teaming, threat hunting, and other offensive strategies are helping organizations quickly find the holes in their cyber ... - [Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant]( The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Ransomware Resilience and Response: The Next-Generation]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [Understanding the Zero Trust Approach]( - [SANS 2022 Cloud Security Survey]( - [BotGuard for Applications Higher Education Case Study]( - [Why Email Security Is So Valuable For Protecting Against Ransomware]( - [The Ultimate Buyer's Guide: SASE Security]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Banco Santander and Forgepoint Capital Announce Strategic Alliance to Advance Cybersecurity Investment and Innovation Globally]( [Anonos Secures $50 Million in IP-Backed Financing to Deliver Data Privacy Technology with 100% Accuracy and Utility to Data-Driven Enterprises]( [Datadog Launches Cloud Security Management to Provide Cloud Native Application Protection]( [Corsa Security Drives Forward with Additional $10 Million Funding]( [HP Launches Sure Access Enterprise to Protect High Value Data and Systems]( [New Torii Report Finds 60% of IT Leaders Don’t Know What Apps They Have]( [SynSaber Adds New Dynamic Pipeline to OT Cybersecurity Platform]( [CyCognito Launches Next Generation of Exploit Intelligence Threat Remediation Platform]( [Only 4% of Security and IT Leaders Believe All of Their Cloud Data is Sufficiently Secured]( [Bolster Deepens Platform with Dark Web Threat Intelligence and 24/7 Support]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)