Security News

Spending on compute and storage infrastructure products for cloud infrastructure, including dedicated and shared environments, decreased 2.4% year over year in the second quarter of 2021 to $16.8 billion, according to IDC. This decrease comes after six quarters of year-over-year growth, and most notably compares to the 39.1% annual growth seen by the market in 2Q20, when the world just entered the pandemic with the first wave of business and country closures causing a spike in investments in cloud services and infrastructure. Investments in non-cloud infrastructure increased 3.4% year over year in 2Q21 to $13.4 billion recovering from a 7.2% decline in 2Q20. Spending on shared cloud infrastructure decreasing too.

Is the IoT technology that powers critical infrastructure really that vulnerable and what can be done to mitigate the risks? It is unsurprising that the vulnerability of IoT and the critical infrastructure landscape as a whole to cyberattacks is becoming a growing concern within the security landscape and recent attacks on the sector have proven the need to ramp up security efforts.

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "Oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above.

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system.Attackers are likely to try to exploit vulnerabilities in network management systems like Nagios because their oversee critical network components and core servers and often contain many network secrets so they can do their job, Claroty researchers noted.

IT system administrators who have just started focusing on security and would love nothing better than moving up into the highly paid field of cybersecurity would do well to take a look at The CompTIA Security Infrastructure Expert Bundle. Even with just about two years of experience, you should have no problem with CompTIA Security+.

Nearly three quarters of Fortune 500 companies' IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, a Cyberpion research reveals. 73% of Fortune 500 companies' total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability.

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.

Cyber attacks against critical national infrastructure are escalating. The most frequently-discussed aspect of critical infrastructure events are availability impacts: stopping or interrupting a process or organization.

Investment in technology and data infrastructure sit at the top of asset managers' priorities as they position themselves to deliver business growth in the recovery from the COVID-19 pandemic. 56% say their investment will focus on these areas over the next 12 months and for 47% on ensuring ESG compliance across their product range.

China's government has introduced rules for protection of critical information infrastructure. An announcement by the Cyberspace Administration of China said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe.