This Week in Security News: Cloud Risks and Container Vulnerability

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about this year’s current uses and emerging risks of the cloud. Also, find out what new vulnerability was found in containers. Read on:  Attacking Containers and…

Don’t Blame Employees who fall for a BEC scam!

The BBC reports that a media company based in Scotland is now suing a former employee who fell for a Business Email Compromise (BEC) scam. In the scam, the employee received emails which appeared to be from the managing director and requested wire transfers. The employee worked with her line manager on the first payment…

IoT providers need to take responsibility for performance

Last year saw the continued growth of enterprises adopting internet of things solutions, with companies harnessing the power of wireless data collection, analytics and connectivity to enhance productivity and efficiency in ways we could previously not imagine. Analysts expect corporate spending on IoT in the U.S. to approach $200B in 2019, with global spending exceeding $800B. As adoption has grown, privacy and security advocates have called for regulating IoT to enhance personal privacy and to strengthen the security of IoT devices and services.


That VPN may not be as secure as you think

If you’re a VPN subscriber and have ever wondered just how secure the supposedly encrypted pipe that you’re using through the internet is — and whether the anonymity promise made by the VPN provider is indeed protecting your privacy — well, your hunches may be correct. It turns out several of these connections are not secure. Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently. The configuration bungles “allowed Internet traffic to travel outside the encrypted connection,” the researchers say. The independent research group, made up of computer scientists from UC San Diego, UC Berkeley, University of Illinois at Chicago, and Spain’s Madrid Institute of Advanced Studies (IMDEA) with International Computer Science Institute, write in the Conversation this month, some of which is redistributed by Homeland Security Newswire, that six of 200 VPN services also scandalously monitored user traffic. That’s more serious than unintended leaks, the team explains — users trust providers not to snoop. The point of a VPN is to be private and not get monitored. VPN use ranges from companies protecting commercial secrets on public Wi-Fi to dissidents.


The Cloud in 2019: Current Uses and Emerging Risks

In the current tech landscape, one would be hard-pressed to find an organization that operates without the help of cloud environments and capabilities. From data storage and document sharing to enabling remote access and communication, the cloud represents the most critical linchpin of today’s IT-focused business processes. What’s more, the power of the cloud is…

Attacking Containers and runC

This week a new vulnerability was published (CVE-2019-5736) that highlights everything bad and good about containers. Simply put, this vulnerability can be exploited using an infected container to attack the host. It’s a real-world example of a breakout attack, which has long been a major concern in virtualized and container environments. Here, the attack…

Cyber Risk Index – A Guide for CISOs and IT Security

Trend Micro has partnered with the Ponemon Institute to develop a new Cyber Risk Index (CRI), which is intended to help CISOs and their IT Security teams better understand their current cyber risk compared to similar businesses of their size and industry. The CRI is based on a survey conducted by Ponemon of more than…

Red Hat announces container flaw CVE-2019-5736

Red Hat announced a vulnerability this morning – one that can be exploited if a user runs malicious or modified containers. The flaw in runC (a lightweight portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system. That might sound bad, but there’s more. The good news is that this vulnerability cannot be exploited if SELinux is enabled and that this is the default on Red Hat systems. To check whether your Red Hat system is enforcing SELinux, use one of the following commands:

$ /usr/sbin/getenforce
Enforcing <==

$ sestatus
SELinux status: enabled <==
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

This vulnerability also requires local access to the system. Affected Red Hat systems include:


This Week in Security News: Consumer Data and Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what security issues and critical threats will impact consumer data this year. Also, learn about a malicious Adobe app targeting macOS systems. Read on:  Keys to…

SD-WAN creates new security challenges

SD-WAN products have been available for the better part of five years. Early adopters of the technology focused primarily on transport-related issues such as replacing or augmenting MPLS with broadband. As any technology matures and moves out of the early adopter phase, the buying criteria changes — and SD-WAN is no different. In 2018, a ZK Research survey asked respondents to rank SD-WAN buying criteria, and security came out as the top response, well ahead of technology innovation and price. (Note: I am an employee of ZK Research.) To better understand this trend and what it means to network professionals, I sat down with Fortinet’s executive vice president of products and solutions, John Maddison, who sets the company’s product strategy, making him well versed in both SD-WAN and security.
