Blog

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

Read More…

Blog | My Mom is Sick and Tired of Your Weak S3 Bucket Policies

My Mom is Sick and Tired of Your Weak S3 Bucket Policies

Cloud security has headlined so many stories over the past year that the term “leaky S3 bucket” even rolls off the tongue of my mother with ease and accuracy. Indeed, S3 bucket issues have become almost shorthand for the vulnerabilities that IT infrastructures face in the cloud, but they highlight just one problem among an […]

Read More…

Why Organizations Are Still Learning From the Uber Breach

Why Organizations Are Still Learning From the Uber Breach

Photo by Dan Freeman on Unsplash This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

Read More…

We just looked at 2 billion #cloud events

I Just Looked at 2 Billion Cloud Events. Here’s What I Found.

Photo by Jase Ess on Unsplash Our relationship with Lacework customers usually starts with a 30-day trial of our solution. Going in to it, they typically acknowledge lack of necessary visibility into their cloud environment. They also, however, tend to massively discount the reality of threats and risks to which they’re exposing their users and data. It’s not […]

Read More…

AWS Misconfiguration

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Read More…

Amazon Web Services

Lacework Announces New Capabilities Enabling AWS Customers to Rapidly Implement Security Best Practices and Proactively Identify S3 Buckets at Risk

Mountain View, Calif. – November 15, 2017 – Lacework, the industry’s first solution to bring automation, speed, and scale to cloud security, today announced new features that enable Amazon Web Services (AWS) customers to easily and continuously maintain an AWS cloud configuration that is compliant with proven security best practices. Lacework now automatically reports on […]

Read More…