Security News

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
2021-11-10 18:24

A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.

As the move to the cloud accelerates, data privacy and security remain critical
2021-11-10 04:30

The survey revealed that as data becomes more complex, and data rules and regulations expand and evolve, new challenges such as data privacy, security, and quality have emerged that threaten to hinder data initiatives. Further, the survey revealed that sensitive data use is on the rise, and the tasks associated with managing sensitive data - data cataloging, data discovery, and access control - are the most challenging.

Cloud adoption growing steadily, but cost and regulatory challenges remain
2021-11-09 04:00

Similar to last year's results, cloud adoption has continued to grow, but cost and regulatory requirements are two major challenges cited by respondents. Given the events of the COVID-19 pandemic, one might have expected a bigger spike in cloud adoption to support remote and hybrid work environments.

40% of organizations suffered a cloud-based data breach in the past 12 months
2021-11-02 05:00

Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.

Microsoft warns of rise in password sprays targeting cloud accounts
2021-10-31 14:00

The Microsoft Detection and Response Team says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. These attacks often use the same password while switching from one account to another to find easy-to-breach accounts and avoid triggering defenses like password lockout and malicious IP blocking.

NSA and CISA share guidance on securing 5G cloud infrastructure
2021-10-28 17:06

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
2021-10-26 21:22

Much is made of shared responsibility for cloud security. Some of this migration is to public clouds such as Amazon Web Services and Microsoft Azure.

SolarWinds attacker on the move: Russia's Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft
2021-10-25 13:16

Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against "Resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
2021-10-19 21:42

An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine, thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives - in games and embedded in the internet of things - the bug potentially endangers the millions of monthly gamers who play video games such as Counter-Strike: Global Offensive and Portal 2, as well as cloud services such as the Twilio Electric Imp IoT platform, with its ready-to-use open-source code library.

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
2021-10-19 08:07

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used to execute untrusted code and affects stable release branches 3.x and 2.x of Squirrel.