Security News > 2021
Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto and Austin will run the exploits. The car is being offered to those who participate in the automotive category.
Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. Following disclosure to Microsoft, the Windows maker is said to have "Determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host."
As companies migrate to the cloud to take advantage of its scalability and flexibility, many don't fully realize how this move will affect their compliance with cybersecurity and privacy requirements mandated by laws and standards such as SOX, CCPA, SOC 2, PCI DSS or ISO 27001. While the cloud offers significant freedom, it also creates new pain points around achieving compliance with these requirements, especially when first moving compliant workloads from on-premises data centers to the cloud.
One of the most impactful professional experiences within my time at Salesforce was a move I made to become the Global Senior Vice President Customer Adoption, Marketing and Business Development. These days I'm hyper focused on anticipating what the customer needs and that role allowed me to spend my entire day thinking about the customer, their experience and the entire lifecycle from end-to-end.
Newly discovered security vulnerabilities in ADT's Blue home security cameras could have been exploited to hijack both audio and video streams. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020.
The survey report also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams. Survey findings-gathered in Q3 2020 from 1,873 professionals who work in data privacy or have knowledge of their organizations' data privacy functions-show some positive trends for those enterprises who report they always use privacy by design.
Cloud migration is a journey - Most companies are in the early stages of moving to the cloud and application migrations to the cloud will be performed over multiple years. The cloud migration services market is expected to grow - Due to lack of skilled internal resources, most companies plan to outsource core cloud migration services.
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet.
With evolving tactics that increase the risk and impact of ransomware and phishing, combined with the new normal of remote workforces, Cyberinc CEO Samir Shah believes that remote browser isolation will prove its value as a critical must-have enterprise technology in 2021. "Isolation-based security technologies are gaining prominence as more companies realize the value they deliver in bolstering cyber defenses with minimal investment," he continued.
"Despite the challenges of accelerated digital transformation timelines, this year has provided many lessons for IT and business leaders. One of the most important being the optimization of the best management and security practices for our cloud-native future of working-from-anywhere." 83% of IT leaders with in-house security teams are now considering outsourcing their security efforts to an MSP in 2021.