Security News
Microsoft has released a new Windows 11 build with a long list of changes, improvements, and fixes for known issues, available to all Windows Insiders who install Windows 11 Insider Preview Build 22579, pushed to the Dev Channel. The build's highlight is a new policy for Windows admins who want to exclude USB removable drives from BitLocker encryption.
A Register reader has raised concerns over UK ISP Virgin Media's password policies after discovering he couldn't set a password longer than 10 characters or one that includes non-alphanumeric characters. "I am having a running battle with a hacker who is able to crack a 10-character password used for Virgin or Virginmedia email in less than a day," Nick complained, saying the attacker was setting up auto-forward rules to divert his emails as well as being able to guess newly reset passwords within a day.
Nirmata announced a report that features an analysis of the current cloud native policy management market adoption, including the technologies used and the challenges that organizations face. The survey highlights that nearly 50 percent of users in cloud native environments have adopted some level of policy management solution in their Kubernetes environment.
To select a suitable policy automation solution for your business, you need to think about a variety of factors. The policy automation solution should easily expand as new network and cloud security controls are added.
Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.
On the surface, it might seem like configuration errors should be an easily solvable problem: organizations should simply pay more attention to any changes and manually make sure all settings are correct every time a change is made. To successfully control how every update, change and addition is implemented - and to understand how each change affects the environment and other changes that are already "in flight" - the only solution is to embrace automation.
India has announced a new security policy for its power sector and specified a grade of isolation it says exceeds that offered by air gaps. "The much hyped air gap myth between information technology and operational technology systems now stands shattered," the policy states, before going on to offer a slightly odd definition of an air gap.
For the healthcare sector, the impact is far greater; cyberattacks can be a matter of life or death. While investing in these digital transformation technologies, the healthcare sector has yet to put the corresponding resources into cybersecurity to protect them.
The Biden administration, in addition to using its convening power to cajole big tech to invest more in cybersecurity, also issued an Executive Order in May that sought to leverage the Federal government's purchasing power to drive greater software security. The most visible implementation action so far has been the guidance on security measures for federal agency use of critical software developed by NIST. While not groundbreaking in substance - the guidance amounts to an index of best practices citing previous federal advisories - the list will help federal agency CIOs ensure they have addressed key software supply chain risks.