Security News

You need to recognize the most critical cloud security challenges and develop a strategy for minimizing these risks. With that in mind, let's dive into the five most pressing cloud security challenges faced by modern organizations.

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. "Kevin Brown, Managing Director of BT Security, said:"Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider.

The report found that more than three-quarters of respondents are concerned or very concerned about protecting their personal data, with 42 percent of consumers saying they wouldn't share sensitive data with a business for any reason. As data becomes more valuable to combat the pandemic, companies must provide consumers with more background and reasoning as to why they're collecting data - and how they plan to protect it.

Jenkins-a popular open-source automation server software-published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. "Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat," read the advisory.

Cisco patched a critical flaw in its wide area network software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services, which is software that Cisco describes as a "WAN optimization solution." It helps manage business applications that are being leveraged in virtual private cloud infrastructure.

Jenkins-a popular open-source automation server software-published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. "Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat," read the advisory.

Intel, SAP, and Citrix release critical security updatesAugust 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Exploits for vBulletin zero-day released, attacks are ongoingThe fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered.

The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability, ranking 10 out of 10 on the CVSS scale; as well as an unauthenticated arbitrary file deletion error, ranking 9.9 out of 10. "Any of the 30,000 sites running the plugin are subject to any file being deleted, which includes the wp-config.php file, by unauthenticated site users."

Organizations must quickly adopt the zero trust mindset of "Never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report. Today, a new report from microsegmentation platform Illumio, revealed how organizations approach and incorporate zero trust into business and cybersecurity strategies, as everyone moves deeper into the second half of the new business normal, under COVID-19 restrictions.

The flaws exist in Citrix Endpoint Management, often referred to as XenMobile Server, which enables businesses to manage employees' mobile devices and mobile applications by controlling device security settings and updates. Specifically impacted at a critical level by the dual vulnerabilities is: XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6 and XenMobile Server before 10.9 RP5. The remaining three flaws are rated medium- and low-severity.