This Week in Security News: Cloud Risks and Container Vulnerability

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about this year’s current uses and emerging risks of the cloud. Also, find out what new vulnerability was found in containers.

Read on: 

Attacking Containers and runC

This week a new vulnerability was published that highlights the biggest security weakness of containers: they are loosely isolated sharing the same host operating system.  

Doomsday Docker Security Hole Uncovered

A security vulnerability has been disclosed for a flaw in RunC, Docker and Kubernetes’ container runtime, which can be used to attack any host system running containers.

The Cloud in 2019: Current Uses and Emerging Risks

While the power of the cloud and benefits like flexibility and productivity are continuing to grow, there are some risks to be aware of. 

Cyber threats to utilities on the rise, firm warns

Cybersecurity risks to utilities’ systems increased in 2018, with more intrusions into those networks and malware that infected those systems, according to a new report from a threat assessment firm released Thursday.

Most Companies Anticipate a Critical Breach in 2019, CISOs Need to Prioritize Threats

80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year, according to Trend Micro’s Cyber Risk Index (CRI).

Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners

While conducting a routine log check, Trend Micro noticed an interesting script from one of our honeypots downloading a binary connected to a domain.  

Credential Stuffing Attacks–Yet Another Security Concern for Consumers

In a credential stuffing data breach, hackers automatically feed thousands or millions of username and password combinations obtained from other breaches into a website in order to fraudulently gain access to user accounts. 

Coffee Meets Bagel Announces a Data Breach on Valentine’s Day

Dating app Coffee Meets Bagel announced that an unauthorized party gained access to an undisclosed amount of user data, but didn’t make off with any sensitive information like credit card numbers or passwords.

Windows App Runs on Mac, Downloads Info Stealer and Adware

Trend Micro found EXE files in the wild delivering a malicious payload that overrides Mac’s built-in protection mechanisms such as Gatekeeper.

Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess

Two weeks out from the longest government shutdown in United States history, government employees are still scrambling to mitigate impacts on federal cybersecurity defenses. 

Banks Under Attack: Tactics and Techniques Used to Target Financial Organizations

Trend Micro dives into the cybercriminal underground to see how the tactics and techniques used to attack financial organizations have changed over the years. 

The Great Equifax Mystery: 17 Months Later Experts Are Starting to Suspect a Spy Scheme

The location of data that disappeared during the Equifax breach in 2017 has remained a mystery, and the prevailing theory today is that the data was stolen by a nation-state for spying purposes, not by criminals looking to cash in on stolen identities.

Are you surprised that a nation-state is theorized responsible for the Equifax breach? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Read More HERE