Security News

Here's a look at the most interesting products from the past week, featuring releases from Action1, Cloudflare, Code42, F5 Networks, NetQuest, Oxeye, SentinelOne and Tenable. The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle.

Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling. Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as Code.

An Imperva Snapshot assessment lets teams assess the status of their databases and the data stored, to identify non-compliance with privacy regulations as well as compliance requirements for cloud data stores. iStorage datAshur SD offers data storage solution to securely share and scale unlimited encrypted data.

The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency. In a new report titled "Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education", academics Jason Nurse and Konstantinos Adamos, together with ENISA's Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.

Boxcryptor protects business data in Microsoft Teams with end-to-end encryption features. Via the personal app, there is the possibility to access encrypted data in the personal OneDrive.

Infosec must "Reclaim" the word crypto from people who trade in Bitcoins and other digital currencies, according to industry veteran Bruce Schneier - and it seems some Reg readers agree. "I have long been annoyed that the word 'crypto' has been co-opted by the blockchain people, and no longer refers to 'cryptography'," blogged Schneier in a classically brief post on Monday.

Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said. If an attack was successful, their router would fall under the attacker's control, allowing the crook to open up ports to access other devices on the local network, change the LAN's default DNS settings to redirect browsers to malicious sites, reconfigure the gateway, and cause other general mischief and irritation.

The new version features a modern design, increased productivity capabilities, and enhanced security and privacy features. Palo Alto Networks Prisma Cloud 3.0 protects cloud environments from development to runtime.

The United States Federal Bureau of Investigation has admitted that a software misconfiguration let parties unknown send email from its servers. A statement from the Bureau, dated November 14th, states that the agency "Is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal to send fake emails".

An astonishing piece of vulnerability probing gave infosec researchers a way into to Microsoft's management controls for Azure Cosmos DB - with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "Access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloudy document database service, they said.