Morning Security Brief: Cloud Security Flaw, Airport Security, Investigating Worker's Comp, and More
Hackers reveal a major flaw in cloud security. Private pilots in Denver say federal security regulations stifle business. Government agencies use surveillance to investigate worker's comp. And more.
►It took consultants from Pure Hacking less than a day to take over a major cloud provider’s network during recent penetration testing ordered by the company. Once hackers were in, they not only had access to the unnamed company’s data, they had access to data from any company in the cloud. “Pure Hacking was also able to bypass virtual access controls to gain unauthorized access to other virtual networks within the
cloud environment. This allowed it to connect to other companies' servers hosted in the cloud,” The Sydney Morning Herald reports. Gartner predicts that by 2016, 40 per cent of companies will make proof of independent security testing a pre-condition for using any type of cloud service.
►Private pilots in Denver say federal regulations to secure airports have gone too far after their businesses and hangars were put behind locked gates at Grand Junction Regional Airport. Now pilots must go through several gates that require biometric badges while visitors require an escort to get in to the aviation museum. “Airport officials have said the fence was necessary to comply with federal airport security requirements adopted in 2008,” the Denver Post reports. “At other airports around the country, badge entrances have been placed on buildings, not on fences that cut off the buildings to the public,” Craig Spence, of Aircraft Owners and Pilots Association, told the Post.
►As part of a broader review of workers' compensation fraud, a half-dozen agencies use video surveillance to investigation workers' comp claims, a recent GAO report revealed. For example, TSA has an internal affairs unit to review potential fraud and make referrals to investigators, who in turn conduct video surveillance, according to the GAO. Other agencies, however, said they that they don’t normally invest resources to investigate workers’ compensation fraud, citing higher priority areas such as violent crime and anti-terrorism, the Washington Times reports.
► The British Information Commissioner’s Office started an investigation earlier this year to determine how spammers obtained millions of mobile customer phone numbers to launch a massive SMS spam campaign. ♦ For the next two weeks, troops in Cameroon, Senegal, Nigeria, Liberia, and Uganda will participate in a maritime security training program piloted and funded by the United Sates, the Cameroon Tribune reports. ♦ And the government seized a music blog under charges it now admits were false.