A high percentage of companies using AWS cloud services have at least one critical security misconfiguration according to a new survey. Cloud security company Threat Stack has analyzed more than 200 companies using AWS and found number of well-documented security misconfigurations. Among the most serious are AWS Security Groups configured to leave SSH wide open to the internet in 73 percent of the companies analyzed. This simple configuration error allows an attacker to attempt remote server access from anywhere, rendering traditional network controls like VPN and firewalls ineffective. Threat Stack also observed SSH traffic from the internet using the root account,…
[Continue Reading]