Security News
The DHS is partnering with BlueRISC Inc to develop Cloud-based Root-of-Trust technology to keep agency email separate and secure on corporate-owned, personally enabled devices, even when the user operates personal email from the same device. "The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections," said Kris Carver, BlueRISC Technical Director.
Amazon Detective is a new security service that makes it easy for customers to conduct investigations into security issues across their AWS workloads. Amazon Detective automatically collects log data from a customer's resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help customers analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
Cisco has fixed five security vulnerabilities in its Software-Defined WAN Solution, two of which could allow an authenticated, local attacker to either gain root privileges on the underlying operating system or to inject arbitrary commands that are executed with root privileges. While there is no indication that these flaw are being actively exploited, no workarounds addressing the vulnerabilities exist so upgrading to the Cisco SD-WAN Solution software release 19.2.2.
Google has awarded its inaugural annual top prize for the Google Cloud Platform, for vulnerabilities found in the Google Cloud Shell. The find - a container escape that leads to host root access and the ability to use privileged containers - has earned $100,000 for Dutch researcher Wouter ter Maat.
How many times have you met someone full of promises and big on talk, only to be disappointed by what results from your engagement with them? Normans not only let organizations down, they adversely affect the information security postures of those organizations by taking valuable time and resources away from other value-added activities. If you know someone who has these traits, they might be a Norman.
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
Enveil, a Fulton, Maryland-based data security company, today announced that it has secured $10 million in Series A funding. Founded in 2016, Enveil launched ZeroReveal in July 2018, its commercial homomorphic encryption product that helps protect data while it's being used or processed.
Sudo is included in macOS, but this option was not enabled when we tried it on our Catalina box. If sudo is installed and vulnerable, any user can trigger the vulnerability, even if not listed in the sudoers list of those with sudo privileges.
A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system. Sudo is a popular utility that system administrators can use to allow users to execute some commands as root or another user.