Blog | News

Latest Posts

A Technical Analysis of the Capital One Cloud Misconfiguration Breach

Josh Stella August 1, 2019

UPDATE: August 26, 2019Since posting this, AWS has made some public statements regarding the breach that shed some light on what likely happened. From their response to Senator Ron Wyden, AWS stated:"As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall installed by Capital One, exacerbated by permissions set by Capital One that were likely broader than intended. After gaining access through the misconfigured firewall and having broader permission to access resources, we believe a SSRF attack was used (which is one of several ways an attacker could have potentially gotten access to data once they got in through the misconfigured firewall." "As discussed above, SSRF was not the primary factor in the...

Featured Posts

3 Big Amazon S3 Vulnerabilities You May Be Missing Drew Wright May 21, 2020

Cloud Security for Newly Distributed Engineering Teams Drew Wright March 19, 2020

Cloud Infrastructure Drift: The Good, the Bad, and The Ugly Drew Wright February 6, 2019

Fugue Developer

Free Cloud Security for Engineers

Visualize your cloud infrastructure
Run policy checks and get feedback
Detect change and eliminate misconfiguration

Get Started with Fugue Today

It takes just 15 minutes to get up and running with Fugue and start moving faster in the cloud with confidence.

The Fugue SaaS platform secures the entire cloud development lifecycle—from infrastructure as code through the cloud runtime. Fugue empowers cloud engineering and security teams to prove continuous compliance, build security into cloud development, and eliminate cloud misconfiguration.

Trending Topics
Popular Blogs
Events
News
Resources

Popular Blogs

Five Steps to a Secure Cloud Architecture

Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with ultrasensitive..
An Introduction to Cloud Security for Infosec Professionals

As someone who has spent a long time in network and endpoint security and then moved to cloud security, I can sympathize with people with security backgrounds who want to learn more about the cloud..
9 Questions You Should Ask About Your Cloud Security

In order for business leaders and cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to..

Events

Masterclass

Webinar

Lunch N Learn

Category "news"

Latest Posts

A Technical Analysis of the Capital One Cloud Misconfiguration Breach

Featured Posts

Free Cloud Security for Engineers

Get Started with Fugue Today

Trending Topics

Cloud Security Posture Management

Infrastructure as Code and Security

AWS Cloud Security

Azure Cloud Security

Cloud Security for Google Cloud Platform

DevSecOps for Cloud Infrastructure Security

CIS AWS Foundations Benchmark

CIS Azure Foundations Benchmark

Fugue Best Practices Policy Framework

GDPR

HIPAA

ISO 27001

NIST 800-53

PCI

SOC 2 Cloud Compliance

Popular Blogs

Five Steps to a Secure Cloud Architecture

An Introduction to Cloud Security for Infosec Professionals

9 Questions You Should Ask About Your Cloud Security

Events

News

Fugue Extends Cloud Security Market Dominance in Customer Satisfaction, According to G2 Report

Snyk Acquires Fugue, Enters Cloud Security Market

Fugue Achieves AWS Security Competency Status

Fugue Leads Cloud Compliance Market in Customer Satisfaction, According to G2 Report

Fugue Leads Cloud Security Market in Customer Satisfaction, According to G2 Report

Fugue Adds Centralized Multicloud Security Visibility and Policy-Based Governance Capabilities

Fugue Adds AWS Well-Architected Framework to Its Policy as Code Engine for Full Life Cycle Cloud Security

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project

Fugue Announces Unified Infrastructure as Code and Cloud Runtime Security

Resources

Submit a Ticket

Documentation

Pricing

API

Guarantee

Login

Contact Us

Security

Privacy Policy

Careers

Schedule Demo

Product Videos

Press

Events

Library

Category
"news"