Nightfall’s Cloud Security Newsletter 2/18/20

Stories from Our Blog

Webinar: How to Detect Credentials & Secrets in Code Repositories with Machine Learning

Join us tomorrow, Wednesday, February 19, at 11 AM PST for a live webinar on how you can easily determine if your repositories are leaking credentials, API keys, and other secrets while avoiding false positives. You can register here.

Announcement: Nightfall Will be Attending BSidesSF & RSA Conferences in February

We're excited to announce that we're sponsoring both BSides San Francisco and RSA 2020. If you're attending, come stop by; we'd love to meet you. If you don't have passes to RSA, learn more about our expo pass offer.

How Data Discovery and Classification Can Help Secure PII

Data discovery provides security teams with data visibility, or the ability to know where sensitive data is and whether it's in use. Learn about the most important features in a data discovery tool and how these can be leveraged to secure your data.

Incidents in the Cloud

Google Photos Leak Poses Enterprise Threats

A recent Google Photos data leak underscores the fact that any company is subject to technical issues, software glitches and employee mistakes. Some users were surprised to learn that despite proactively taking strong security measures across its product lines, Google slips up too.

US Education Non-Profit Leaks Data on Thousands of Students

A US education non-profit appears to have unwittingly leaked the personal information of thousands of students after leaving two online MongoDB databases exposed. The privacy snafu was discovered by noted researcher Bob Diachenko and affected the Institute of International Education (IIE), an organization set up to promote educational and cultural exchanges with other countries.

Prison inmates’ sensitive data left exposed on leaky cloud bucket

Researchers at VPNMentor have uncovered a data leak that has exposed prescription records, mugshots, and other sensitive information related to an unknown number of inmates. On January 3, the researchers found that over 36,000 PDF files had been exposed on an unsecured Amazon Web Services S3 bucket (natch) used by JailCore, a cloud-based app used by correctional facilities in several US states.

Trello App Exposes Personally Identifiable Information of its Users

Craig Jones, global cybersecurity operations director at Sophos, has discovered that Trello, an app used for organizing personalized to-do lists and coordinating team tasks, exposed the personally identifiable information (PII) data of its users who made their Trello boards “public.”

Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes

An Amazon Web Services (AWS) engineer last month inadvertently made public almost a gigabyte's worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.

Gizmodo UK

No big deal, Rogers, your internal source code and keys are only on the open web. Don’t hurry to take it down

Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian ISP Rogers have been found sitting on the open internet. The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered the front-end for various parts of

The Register

Strategies for Securing the Cloud

Seven cybersecurity and privacy forecasts for 2020

Learn about seven growing areas of concern within the world of cybersecurity and why they matter for 2020 and beyond.

Why Leaky Clouds Lead to Data Breaches

This past summer, we witnessed yet another massive data breach due to a misconfigured AWS cloud instance, and hundreds of thousands of Capital One’s customers’ Social Security and bank account numbers were exposed as a result. Smaller-scale data breaches like this occur frequently, and unfortunately, we’re bound to see more of these breaches in the future even though they’re easy to avoid.

Deriving best practices from a security-first, cloud native mindset

A security-first mindset, coupled with a cloud native mindset, can provide a great starting point for organisations wanting to migrate to the cloud securely by offering insight into some of the most important best practices for building a robust and securable cloud architecture.

IT Pro Portal

NSA Offers Advice on Securing Clouds

The National Security Agency issued an advisory with technical guidance for procuring and securing systems reliant on cloud service providers amid a push for the government to adopt the technology.

Acquisition Teams