Security News

Suing Infrastructure Companies for Copyright Violations
2021-10-13 14:47

It's a matter of going after those with deep pockets. Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs.

KuberLogic open-source platform turns infrastructure into a managed PaaS
2021-10-13 04:45

CloudLinux launched a new open-core project - KuberLogic - software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on GitHub, KuberLogic allows administrators to run and deploy key open-source components with simple configurations and high availability.

Cloud infrastructure spending decreased 2.4% YOY in 2Q21
2021-10-08 03:30

Spending on compute and storage infrastructure products for cloud infrastructure, including dedicated and shared environments, decreased 2.4% year over year in the second quarter of 2021 to $16.8 billion, according to IDC. This decrease comes after six quarters of year-over-year growth, and most notably compares to the 39.1% annual growth seen by the market in 2Q20, when the world just entered the pandemic with the first wave of business and country closures causing a spike in investments in cloud services and infrastructure. Investments in non-cloud infrastructure increased 3.4% year over year in 2Q21 to $13.4 billion recovering from a 7.2% decline in 2Q20. Spending on shared cloud infrastructure decreasing too.

Critical infrastructure IoT security: Going back to basics
2021-10-06 06:00

Is the IoT technology that powers critical infrastructure really that vulnerable and what can be done to mitigate the risks? It is unsurprising that the vulnerability of IoT and the critical infrastructure landscape as a whole to cyberattacks is becoming a growing concern within the security landscape and recent attacks on the sector have proven the need to ramp up security efforts.

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
2021-09-26 21:39

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "Oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above.

Nagios XI vulnerabilities open enterprise IT infrastructure to attack
2021-09-23 11:32

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system.Attackers are likely to try to exploit vulnerabilities in network management systems like Nagios because their oversee critical network components and core servers and often contain many network secrets so they can do their job, Claroty researchers noted.

Study to become a CompTIA security infrastructure expert
2021-09-22 13:57

IT system administrators who have just started focusing on security and would love nothing better than moving up into the highly paid field of cybersecurity would do well to take a look at The CompTIA Security Infrastructure Expert Bundle. Even with just about two years of experience, you should have no problem with CompTIA Security+.

Most Fortune 500 companies’ external IT infrastructure considered at risk
2021-09-15 05:00

Nearly three quarters of Fortune 500 companies' IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, a Cyberpion research reveals. 73% of Fortune 500 companies' total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability.

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
2021-09-03 09:23

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.

Critical infrastructure today: Complex challenges and rising threats
2021-09-02 05:30

Cyber attacks against critical national infrastructure are escalating. The most frequently-discussed aspect of critical infrastructure events are availability impacts: stopping or interrupting a process or organization.