
Wired to Wireless: ESP32 Gives Your USB Keyboard Bluetooth

ESP32 BTE Keyboard

Few things rival the usability and speed of a full-sized keyboard for text input. For decades, though, keyboards were mostly wired, which can limit where you use your favorite one. To address this, [KoStard]’s latest project uses an ESP32 to bridge a USB keyboard to BLE devices.

The ESP32-S3 packs a ton of fantastic functionality into its small size and low price, including USB-OTG support, which is key here. Taking advantage of this, [KoStard] programmed an ESP32-S3 to host a keyboard over its USB port while connecting via BLE to devices like cellphones.

There are some slick tricks baked in, too: you can pair with up to three devices and switch between them using a key combo. Some of you might be wondering how you can just plug a microcontroller into a keyboard and have it work. The truth is, it doesn’t without extra hardware. Both the keyboard and ESP32-S3 need power. The simplest fix is a powered USB hub: it can be battery-powered for a truly mobile setup, or use a wired 5V supply so you never have to charge batteries.

We love seeing a simple, affordable microcontroller extend the usefulness of gear you already have. Let us know in the comments about other hacks you’ve used to connect keyboards to devices never designed for them.

The Cutest Weather Forecast on E-Ink and ESP32

A photo of the cats and the generated image

There’s a famous book that starts: “It is a truth universally acknowledged that a man in possession of a good e-ink display, must be in want of a weather station.” Or something like that, anyway. We’re not English majors. We are, however, major fans of this feline-based e-ink weather display by [Jesse Ward-Bond]. It’s got everything: e-ink, cats, and AI.

The generated image needs a little massaging to look nice on the Spectra6 e-ink display.

AI? Well, it might seem a bit gratuitous for a simple weather display, but [Jesse] wanted something a little more personalized and dynamic than just icons. With that in the design brief, he turned to Google’s Nano Banana API, feeding it the forecast and a description of his cats to automatically generate a cute scene to match the day’s weather.

That turned out to not be enough variety for the old monkey brain, so the superiority of silicon, specifically Gemini, was called upon to write unique daily prompts for Nano Banana using a random style from a list presumably generated by TinyLlama running on a C64. Okay, no, [Jesse] wrote the prompt for Gemini himself. It can’t be LLMs all the way down, after all. Gemini is also picking the foreground, background, and activity the cats will be doing for maximum neophilia.

Aside from the parts that are obviously on Google servers, this is all integrated in [Jesse]’s Home Assistant server. That server stores the generated image until the ESP32 fetches it. He’s using a reTerminal board from Seeed Studio that includes an ESP32-S3 and a Spectra6 colour e-ink display. That display leaves something to be desired in coloration, so on top of dithering the image to match the palette of the display, he’s also got a bit of color-correction in place to make it really pop.

If you’re interested in replicating this feline forecast, [Jesse] has shared the code on GitHub, but it comes with a warning: cuteness isn’t free. That is to say, the tokens for the API calls to generate these images aren’t free; [Jesse] estimates that when the sign-up bonus is used up, it should cost about fourteen cents a pop at current rates. Worth it? That’s a personal choice. Some might prefer saving their pennies and checking the forecast on something more physical, while others might prefer the retro touch only a CRT can provide.

Top 5 cloud security breaches (and lessons)

By: slandau

EXECUTIVE SUMMARY:

Organizations leverage cloud computing to reduce compute costs and to rapidly provision new computing resources for the purpose of supporting evolving business needs. Cloud-based technologies provide opportunities to go-to-market quickly, allowing enterprises to reach stakeholders and customers faster than ever before.

Across the past 10 years, cloud computing has transformed into a cornerstone of the IT industry, boosting the power of virtualization, storage, hosting and other networking services. Nonetheless, the cloud environment is vulnerable to cyber attacks. In 2021, forty percent of organizations reported cloud security breaches.

Below are five cloud security breach examples and lessons that all organizations can benefit from.

5 cloud security breaches (and lessons)

1. Accenture. In August of 2021, Accenture fell prey to a LockBit ransomware attack. The culprits claimed to have stolen 6TB worth of data, for which they requested a ransom of $50 million.

The largest exposed server appeared to contain credentials linked to Accenture customer accounts. One backup database contained nearly 40,000 passwords – the majority of which were in plain text.

“This cloud leak shows that even the most advanced and secure enterprises can expose crucial data and risk serious consequences,” wrote security researcher Chris Vickery.

Lesson learned: Have IT departments and/or cyber security personnel verify that AWS cloud servers are configured correctly. Attacks on misconfigured servers can cause extreme reputational, client and financial damage.

2. Kaseya. In July of 2021, IT solutions provider Kaseya identified an attack on their unified remote monitoring and network perimeter security tool. The attackers aimed to steal administrative control for Kaseya services, from managed service providers to downstream customers.

The attack itself disrupted the organization’s SaaS servers and affected on-premise VSA solutions used by Kaseya customers across nearly a dozen countries. After Kaseya alerted customers about the attack, it rolled out the Kaseya VSA detection tool, which enabled business users to analyze VSA services and to screen endpoints for indicators of vulnerability.

Lessons learned: From this attack, organizations observed the importance of maintaining updated backups in easily retrievable, air-gapped repositories that remain segregated from organizational networks. Businesses are also reminded to manage patches, implement multi-factor authentication, and follow principles of zero trust.

3. Cognyte. In May of 2021, the cyber analytics firm Cognyte left a database unsecured without authentication protocols. In turn, hackers managed to expose 5 billion records. Information such as names, email addresses, passwords, and vulnerability data points within their system were leaked. Information was even indexed by search engines.

Lessons learned: The company managed to secure the data within four days, but the incident highlighted how persistent cyber attackers can effectively exploit the smallest of flaws. In this instance, the importance of cyber attack prevention cannot be overstated. Prevent as many attacks as possible through a combination of policies, tools, education and vigilance.

4. Facebook. In April of 2021, Facebook reported a breach affecting hundreds of millions of user records, which were publicly exposed on Amazon’s cloud computing service. Although Facebook confirmed that it identified and resolved the issue immediately, the attack managed to impact founder Mark Zuckerberg.

In precipitating the incident, two third-party Facebook app development companies posted the records in plain sight. The database exposed contained private information that social engineers could use in targeted attacks or within hacking attempts.

Lessons learned: In resolving this issue, Facebook reached out to Amazon, which took down the exposed servers. “…If you’re still opening AWS buckets [to the public], you’re not paying attention,” says business advisor Corey Quinn.

5. Raychat. In February of 2021, Raychat, an online chat application, survived a large-scale cyber attack. A cloud database configuration breach gave hackers free access to 267 million usernames, emails, passwords, metadata and encrypted chats. Shortly thereafter, a targeted bot attack erased the entirety of the company’s data.

According to reports, a MongoDB misconfiguration left the data openly available. The attack highlighted how NoSQL databases can function as easy targets for bot threat actors.

Organizations need to ensure that databases are secure. NoSQL databases in particular represent targets for malicious actors who wish to steal or wipe content, unless given a ransom payment. In Raychat’s case, a README ransom note appeared, demanding roughly $700 USD.

Lesson learned: Database security requires a range of tools, controls and measures that can protect the database itself, the actual data embedded within, its database management system and the assorted applications that access it. End-to-end compliance technologies and cybersecurity penetration tests can help.
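
The configuration check that lessons 1 and 4 call for, sketched as an added example (not code from the original article): it reviews one bucket's exported policy, ACL grants and Public Access Block settings for public exposure. The bucket name, account ID and role name are constructed placeholders.

```python
import json

# ACL grantee groups that mean "everyone" or "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_principal(principal):
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in as_list(aws)

def audit_bucket(policy_json, acl_grants, public_access_block):
    """Return findings for one bucket's exported policy, ACL and PAB settings."""
    findings = []
    off = [f for f in PAB_FLAGS if not (public_access_block or {}).get(f)]
    if off:
        findings.append("public-access-block off: " + ",".join(off))
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in as_list(policy.get("Statement", [])):
        # A Condition may still be too broad; those statements need manual review.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and wildcard_principal(stmt.get("Principal"))):
            actions = ",".join(as_list(stmt.get("Action", "?")))
            findings.append("policy allows anyone: " + actions)
    for grant in acl_grants or []:
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            findings.append("acl grants %s to %s"
                            % (grant.get("Permission"), uri.rsplit("/", 1)[-1]))
    return findings

# Constructed sample inputs (hypothetical bucket, account ID and role).
def sample_policy(principal):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]})

WEAK = (sample_policy("*"), [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}], None)
HARDENED = (sample_policy({"AWS": "arn:aws:iam::111122223333:role/app"}), [],
            dict.fromkeys(PAB_FLAGS, True))
if __name__ == "__main__":
    print(audit_bucket(*WEAK), audit_bucket(*HARDENED))
```
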

In closing

Cloud computing increases operational efficiency and simplicity, provided that security measures are in place. Is your cloud secure enough?

Be sure to avoid AWS security breaches and other common stumbling points. For more cloud security insights, please see CyberTalk.org’s past coverage. Also, be sure to check out our Cloud Security Buyer’s Guide.

The post Top 5 cloud security breaches (and lessons) appeared first on CyberTalk.
