Brought to you by ITPro
Accenture left four Amazon Web Services (AWS) S3 buckets open and downloadable to the public, containing software for its Accenture Cloud Platform enterprise cloud offering and other sensitive internal data, security researchers said today.
The unsecured AWS S3 buckets were discovered by UpGuard security researcher Chris Vickery on Sept. 17, 2017, and revealed “significant internal Accenture data, including cloud platform credentials and configurations.” Credentials for Accenture’s Google and Azure accounts also appeared to be stored in one of the buckets, which could have far-reaching consequences in the hands of a malicious actor.
The servers were secured the next day after UpGuard Director of Cyber Risk Research Vickery notified Accenture.
The company, which provides consulting and professional services, is not the first to have had unsecured AWS S3 buckets discovered by UpGuard. Earlier this year, Vickery notified Verizon and election data firm Deep Root Analytics about AWS S3 buckets open to the public, exposing tens of millions of customer and voter records, respectively.
In a blog post on Tuesday, Vickery said that this exposure could have been prevented with a simple password requirement added to each bucket. His recommendation comes as a new survey by OneLogin finds that IT pros are failing to enforce password policies.
Accenture’s AWS S3 buckets contained internal access keys and credentials for use by the Identity API, plaintext

 

(Bloomberg) — Squarespace Inc., which sells tools to help people create and maintain websites, will have its logo on the uniform of the New York Knicks this season.
Financial terms of the agreement weren’t disclosed by either the company or team, which is the latest to take advantage of the National Basketball Association’s new three-year pilot program that allows clubs to put sponsor logos on their jerseys.
The patch sponsorships have sold for $5 million and up, depending on the team, the market and the sponsor. The defending champion Golden State Warriors got $20 million a year in their deal with Rakuten Inc., which also has a jersey sponsorship deal with Spanish soccer club FC Barcelona.
The NBA ads measure 2.5 inches by 2.5 inches and are worn on a player’s left shoulder.
Squarespace ads are ubiquitous on hip podcasts like “This American Life.” The company also produced a Super Bowl ad featuring actor John Malkovich earlier this year. Its competitors include Wix Inc., Weebly Inc. and WordPress creator Automattic Inc.
The jersey will debut when the Knicks, who traded All-Star Carmelo Anthony to Oklahoma City during the offseason, open the regular season Oct. 19 against the Thunder in a nationally televised game.

 

GitLab has raised $20 million in Series C funding and added WordPress founder Matt Mullenweg to its board of directors, according to a Monday announcement.
The investment, led by Google Ventures (GV), will be used to build its capabilities into operations, and to provide a unified user experience for production and operations as part of its “Complete DevOps” vision.
Head of Product Mark Pundsack explained GitLab’s plans for its unified solution in a recent blog post. It includes Auto DevOps, released in Beta with version 10.0, and is intended to “close the loop” of development and operations, automate processes, and reduce complexity.
“GitLab’s powerful momentum and scaling have a lot of parallels to Automattic and WordPress in their early days,” said Mullenweg. “WordPress had to battle a lot of competitors, and ultimately came out on top as a successful company on an open source business model. I hope to help GitLab achieve the same triumph. Fundamentally, I want to help create the kind of internet that I want to live in and I want my children to live in, one that reaches a global audience and one that is able to make a difference.”
Complete DevOps can benefit organizations by reducing the time taken switching tools with its single interface, and by encouraging collaboration and reducing the friction between development and operations with deep integration, according to the press release. It builds in the best practices of 100,000

 

More than half of organizations using cloud storage services like AWS S3 have inadvertently exposed one or more services to the public, according to new research released by cloud security company RedLock.
Worse, the number with exposed public cloud storage increased by 13 percent from 40 percent to 53 percent even as Amazon was specifically warning users to not misconfigure bucket Access Control Lists (ACLs).
The Cloud Security Trends report from RedLock’s Cloud Security Intelligence (CSI) team shows that 81 percent of organizations are not managing host vulnerabilities in the public cloud.
Call them careless or reckless, this kind of behavior makes it unsurprising that the RedLock CSI research showed 48 percent of PCI checks in public cloud environments fail.
“In our second Cloud Security Trends report, the RedLock CSI team found that organizations are still falling behind in effectively protecting their public cloud computing environments,” Gaurav Kumar, CTO of RedLock and head of the CSI team, said. “As we’ve witnessed by recent incidents at organizations such as Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are real and cybercriminals are actively targeting information left unsecured in the public cloud. It’s imperative for every organization to develop an effective and holistic strategy now to protect their public cloud computing environment.”
The researchers found potentially compromised administrative user accounts at 38

© 2012 Webhosting news