Security News > 2020 > June
A report released Wednesday by security provider IBM X-Force describes the types of threats that impact cloud security and how companies can better protect their cloud-based assets. Based on a survey of senior business and IT professionals, IBM's "2020 Cloud Security Landscape Report" found that while the cloud can empower certain business and technology capabilities, the type of ad-hoc management of cloud resources is causing increased complexity for IT and security staffs.
More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products. Dual EC DRBG was known to contain a backdoor introduced by the NSA, which led some to speculate that the NSA may have planted the unauthorized code in Juniper products, while others said it could have been the work of a foreign government.
The critical flaws exist in Intel's Active Management Technology, which is used for remote out-of-band management of personal computers. The two critical flaws exist in the IPv6 subsystem of AMT. The flaws could potentially enable an unauthenticated user to gain elevated privileges via network access.
UK-based infosec outfit Keepnet Labs left an 867GB database of previously compromised website login details accessible to world+dog earlier this year - then sent lawyers' letters to bloggers in a bid to erase their reports of its blunder. As reported by news website Verdict, Keepnet was stung by Diachenko's initial post about the gaffe, which Keepnet interpreted as the blogger blaming the business for leaking its own customers' data - none of its own clients' data was exposed, but rather info from previous publicly known database exposures.
At least a dozen bogus "Contact tracing" apps designed to look like official software to track coronavirus infections have been deployed globally to spread malware and steal user data, security researchers said Wednesday. Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads.
One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block protocol bug that could allow an attacker to leak kernel memory remotely, without authentication. Called SMBleed and tracked as CVE-2020-1206, the vulnerability could be chained with SMBGhost, a flaw addressed in March 2020, to achieve pre-authentication remote code execution, security researchers with ZecOps reveal.
Looking back on this phone call, what irked me the most? It wasn't that a mistake had been made - that happens from time to time. Regardless of what goes wrong, the right attitude goes a long way towards helping stakeholders regain confidence in the security team and the security program it is running.
The most important of these patches are two Hot News Security Notes addressing critical vulnerabilities in SAP Liquidity Management for Banking and SAP Commerce. Also rated Hot News and featuring a CVSS score of 9.8 is a Security Note addressing hard-coded user credentials in SAP Commerce and SAP Commerce Data Hub.
VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products. The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.
Researchers with Positive Technologies say that a legacy standard known as GPRS Tunneling Protocol is the culprit behind security issues that will leave many of the early 5G networks open to attacks such as spoofing, man-in-the-middle, and denial of service. Introduced during the earliest upgrades to 2G broadband networks and used through the current 4G standard, GTP allows for data packet transfer between various wireless networks and carriers.