I published the following diary on isc.sans.edu: “Sensitive Data Shared with Cloud Services“: Yesterday was the data protection day in Europe. I was not on duty so I’m writing this quick diary a bit late. Back in 2020, the Nitro PDF service suffered from a data breach that impacted many
[SANS ISC] When Security Controls Lead to Security Issues
I published the following diary on isc.sans.edu: “When Security Controls Lead to Security Issues“: The job of security professionals is to protect customers’ assets and, even more, today, customers’ data. The security landscape is full of solutions that help to improve security by detecting (and blocking) threats knocking on the
[SANS ISC] Reminder: Beware of the “Cloud”
I published the following diary on isc.sans.org: “Beware of the “Cloud”“: Today, when you buy a product, there are chances that it will be â€œconnectedâ€ and use cloud services for, at least, one of its features. Iâ€™d like to tell you a bad story that I had this week. Just
[SANS ISC] Phishing Kit (Ab)Using Cloud Services
I published the following diary on isc.sans.org: “Phishing Kit (Ab)Using Cloud Services“: When you buildÂ a phishing kit, they are several critical points to address. You must generate a nice-looking page which will match as close as possible to the original one and you must work stealthily to not be blocked
Am I Affected by Cloudbleed?
Yesterday, Cloudflare posted an incident report on their blog about an issue discovered in their HTML parser. A very nice report which is worth a read! As usual, in our cyber world, this vulnerability quickly received a nice name and logo: “Cloudbleed“. I’ll not explain in details the vulnerability here,
Keep an Eye on Your Amazon Cloud with OSSEC
The Amazon conference “re:Invent” is taking place in Las Vegas at the moment. For a while, I’m using the Amazon cloud services (EC2) mainly to run lab and research systems. Amongst the multiple announcements they already made during the conference, one of them caught my attention: “CloudTrail“. Everything has already
There is one fact with humans: once they took some habits (in this case – bad habits), it’s very difficult to ask them change their behavior! It’s even true in information security. Today, we have access to plenty of awesome online applications which help us in our day-to-day activities. Thank
Should Dropbox & Co be Killed?
I’m a big fan of the Dropbox application for a while. Dropbox helps you to synchronize your files within a personal deposit located in the cloud. If you have multiple Dropbox clients configured, your files will be instantly synchronized between all your devices when they come online. I use it
Send Events Safely to the Loggly Cloud
I received my Loggly beta account (thanks to them!) a few days ago and started to test this cloud service more intensively. I won’t explain again what is Loggly, I already posted an article on this service. For me, services like Loggly are the perfect cloudÂ examples with all the
All Your Logs are Belong to the Cloud…
Ever heard of Loggly? This is a new cloud service which presents itself as “Logs Made Easy“. I’ll not come back on the definition of cloud computing, its benefits and issues. If you are looking for interesting information about this topic, I suggest you to visit Craig Balding’s blog cloudsecurity.org.