Security News
The growing awareness of cloud misconfigurations comes at a time of huge growth in cloud platforms. On one hand, 87 percent said they were fully or mostly in control of their remote working environment, with 51 percent crediting the acceleration of cloud migration as an influence that had improved their security best practice.
Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support. Western Digital advises customers to protect their data from attackers after the firmware is no longer supported by backing up their devices, disabling remote access, disconnecting it from the internet, and choosing a unique and strong password.
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. Why are ransomware and the supply chain coming together? Historically, what started out as nation-state techniques make their way into pen-testing and red teaming tools and eventually become commoditized in attacks undertaken by hackers seeking profit.
With 80% of organizations now using a mix of cloud and on-premises database environments, the survey shows that the focus of data professionals is shifting to addressing the difficulties of migrating to the cloud ahead of improving the performance of their database estates. There is not one cloud there are many, with the 2021 State of the Cloud Report from Flexera revealing that organizations now use an average of 2.6 public clouds and are experimenting with an additional 1.1.
We're experiencing yet another incident in which cyberattacks can affect the real world: UKG, makers of payroll and HR software, have reported a ransomware attack that has taken its Kronos Private Cloud offline, and may result in it staying that way for weeks to come. In a statement about the outage, UKG said that it has no estimated time of resolution, that its backups aren't available until they "Determine the best approach" to restoration.
The CIS Foundations Benchmarks are a part of the family of cybersecurity standards managed by CIS. CIS Benchmarks are consensus-based, vendor-agnostic secure configuration guidelines for the most commonly used systems and technologies. The CIS Foundations Benchmarks are intended for system and application administrators, security specialists, auditors, help desk, platform deployment, and/or DevOps personnel who plan to develop, deploy, assess, or secure solutions in the cloud.
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network. The vulnerabilities affect both the cloud services and their end users.
The cloud services market size was valued at $264.80 billion in 2019, and is projected to reach $927.51 billion by 2027, growing at a CAGR of 16.4% from 2020 to 2027, according to ResearchAndMarkets. The services provided by the cloud computing technology are referred to as cloud services.
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. The flaws are in the USB Over Ethernet function of the Eltima SDK, not in the cloud services themselves, but because of code-sharing between the server side and the end user apps, they affect both clients - such as laptops and desktops running Amazon WorkSpaces software - and cloud-based machine instances that rely on services such as Amazon Nimble Studio AMI, that run in the Amazon cloud.
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "Unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers said in a report shared with The Hacker News.