0xCBE

joined 1 year ago
MODERATOR OF
 

Not really technical, but gives some pointers to wrap your head around the problem

 

"Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.

TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.

As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included. "

 

"database [...] specifically designed for organizations that rely on AI for their operations, providing them with a comprehensive and up-to-date overview of the risks and vulnerabilities associated with publicly available models."

 

This is an excellent series on container security fundamentals by Rory McCune who is a bit of an authority in this field:

 

Very useful collection of security incidents involving public clouds

 

(I am not fond on vendor's blogs as the signal to noise ratio is very low, since they are written to please search engines more than engineers... but Scott Piper gets a pass.)

I found this insightful, access keys are such a liability that is better to tame as early as possible. Fixing the problem a scale is a lot more challenging.

 

Hi all, I am the moderator of r/cloudsecurity

Following the reddit controversy I've closed the subreddit and started moving it here.

You are very welcome to join and contribute!

view more: ‹ prev next ›