Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
2021-09-16 11:37

Four Microsoft zero-day vulnerabilities in the Azure cloud platform's Open Management Infrastructure - software that many don't know is embedded in a host of services - show that OMI represents a significant security blind spot, researchers said. Though Microsoft patched them this week in its monthly Patch Tuesday raft of updates, their presence in OMI highlights the risk for the supply chain when companies unknowingly run code - particularly open-source code - on their systems that allows for exploitation, researchers said.

Microsoft announces passwordless authentication option for consumers
2021-09-16 10:09

After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. Users are able to switch on the feature by visiting their Microsoft account's Advanced Security Options, then Additional Security.

De-identify, re-identify: Anonymised data's dirty little secret
2021-09-16 08:28

With a little work, people can often recreate your identity from these remaining data points. Data brokers readily selling location access data without the owners' knowledge amplifies the dangers.

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
2021-09-16 06:38

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. Travis CI is a hosted CI/CD solution used to build and test software projects hosted on source code repository systems like GitHub and Bitbucket.

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
2021-09-16 06:21

New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The disclosure comes weeks after NETGEAR released patches to address the vulnerabilities earlier this month, on September 3.

It's time to delete that hunter2 password from your Microsoft account, says IT giant
2021-09-16 05:58

From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex's name and birthday to access the Windows giant's services. That is to say, you can delete the password from your Microsoft account, and log in using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox.

Keys to the cloud: Unlocking digital transformation to enhance national security
2021-09-16 05:30

Ultimately, the issue of national security hangs in the balance, and the best way to ensure we stay ahead of the curve is by using the cloud to "digitally overmatch" our opponents and unlock the full potential of digital transformation. The cloud offers the ability to hyperscale in real time.

Bot attack volumes growing 41% year over year, human-initiated attacks down 29%
2021-09-16 05:00

Bot attack volumes grew 41% year over year with human-initiated attacks falling 29%, according to a report from LexisNexis Risk Solutions. The report confirms earlier trend patterns showing the financial services industry and media businesses bear the brunt of increased automated bot network attacks.

The long-term impacts of the pandemic on internal audit teams
2021-09-16 04:00

The survey polled more than 175 CAEs across a range of industries, uncovering five key trends respondents believe will have long-term impacts on internal audit teams - from an increased reliance on technology to innovative new ways of conducting audits. By all accounts, audit, risk, and compliance professionals have embraced video platforms not only for meetings between members of the internal audit staff, but also for meetings and other face-to-face interaction throughout the audit process and communications with key stakeholders.

CPaaS market value to exceed $10 billion in 2022
2021-09-16 04:00

A study from Juniper Research has found the global value of the CPaaS market will exceed $10 billion for the first time in 2022; rising from $8.6 billion in 2021. The research identified the development of CDPs as a key service that will increase the significance of a CPaaS platform by providing actionable insights into end user preferences, such as contact time, contact channel and upselling opportunities.