Security News

Cloud-native benefits stifled by critical security and networking issues
2020-12-03 04:30

"Cloud-native is no longer just a bold new idea for most organizations, it's a reality. Enterprises have increasingly adopted cloud-native apps over the past couple years to achieve faster development cycles, greater scalability and less vendor lock-in. But their DevOps and NetOps teams are facing some serious security and networking hurdles they just didn't anticipate," said Mark Weiner, CMO, Volterra. While over half of organizations are using Kubernetes in some capacity, security and networking challenges are preventing them from using Kubernetes widely across business apps, with only 10% of organizations running half or more of their business apps on it.

PagerDuty to action real-time critical observability data on AWS
2020-12-03 01:15

PagerDuty is one of four Amazon DevOps Guru Launch Partners, further extending its longstanding relationship with AWS. Through this new integration, PagerDuty will automatically ingest observability data from Amazon DevOps Guru. PagerDuty consolidates these digital health signals and alerts, and uses AIOps to contextualize and filter out the noise so teams can remediate issues in real time, and customers can ensure critical business services get delivered.

Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities
2020-12-02 14:16

Container security company Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and found that over half of them had critical vulnerabilities and thousands of images included malicious or potentially harmful elements. The cybersecurity firm used its Prevasio Analyzer service to analyze all the container images on Docker Hub, the largest library and community for container images.

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW
2020-12-02 01:20

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability; Oracle released the fix as part of its October 2020 Critical Patch Update and again in November in the form of an out-of-band security patch.

Critical Oracle WebLogic flaw actively exploited by DarkIRC malware
2020-12-01 11:30

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago. Almost 3,000 Oracle WebLogic servers are reachable over the Internet based on Shodan stats and allow unauthenticated attackers to execute remote code on targeted servers according to a Juniper Threat Labs report.

Internet Society and IETF agreement ensures the continuity of critical work in creating open standards
2020-12-01 01:00

The Internet Society and the Internet Engineering Task Force announced a new long term strategic agreement that will ensure the continuity of the IETF's critical work in creating open standards that make the Internet work better. The Internet Society provided the organisational home for the IETF until 2018 when the IETF Administration LLC was formed to support its ongoing operations.

Drupal issues emergency fix for critical bug with known exploits
2020-11-27 12:31

Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions. "These statistics are incomplete; only Drupal websites using the Update Status module are included in the data," Drupal says.

Critical MobileIron RCE Flaw Under Active Attack
2020-11-25 16:55

Separately, the Cybersecurity and Infrastructure Security Agency in October warned that APT groups are exploiting the MobileIron flaw in combination with the severe Microsoft Windows Netlogon/Zerologon vulnerability. The flaw, first reported to MobileIron by Orange Tsai from DEVCORE, could allow an attacker to execute remote exploits without authentication.

VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found
2020-11-24 19:04

VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products. A command injection vuln could allow malicious people who have network access to the "administrative configurator on port 8443" together with "a valid password for the configurator admin account" to execute commands with "unrestricted privileges on the underlying operating system," said VMware.

UK urges orgs to patch critical MobileIron CVE-2020-15505 RCE bug
2020-11-24 14:31

The UK National Cyber Security Centre issued an alert yesterday, prompting all organizations to patch the critical CVE-2020-15505 remote code execution vulnerability in MobileIron mobile device management systems. NCSC is warning that it is aware of hacking groups actively using the MobileIron CVE-2020-15505 vulnerability to compromise networks in the healthcare, local government, logistics, and legal sectors.