Cloud Technology and Security Alert News Digest – Issue #18

Update 2019: We’ve been busy working on some great training content around security, check out the Cloud Academy library to prepare on all-things cloud security.


Welcome to the Cloud Technology and Security Alert News Digest. This week we’ll discuss vulnerabilities. And more vulnerabilities. Fortunately, each of the current crop of server flaws has an available patch.

More OpenSSL pain

According to ZDNet, If you’re using an operating system that runs OpenSSL 1.0.2 (or 1.0.1, 1.0.0 and 0.9.8, for that matter), then you’re going to want to upgrade to OpenSSL 1.0.2a pretty quickly. Version 1.0.2a includes patches for twelve vulnerabilities, with the most serious of them (ClientHello sigalgs DoS – CVE-2015-0291) capable of exposing servers to full denial of service attacks.

“Windows Live” may be a bit too lively

A curious IT professional in Finland stumbled upon a hole in Windows Live security that “allowed him to automatically receive sensitive certificates from browser-trusted certificate authority Comodo.”

According to Ars Technica, when the fellow contacted both Finish authorities and multiple recipients at Microsoft informing them of the flaw, he was ignored. He only learned that his emails had even been noticed some six weeks later when his entire Live account was frozen.

Internet security is in the safest hands.

And now: WordPress

A serious vulnerability has been discovered in the wildly popular Yoast WordPress plugin (which guides writers through the search engine optimization process). ZDNet reports that the flaw makes it possible “to override existing OAuth2 credentials used by the plugin to pull data from Google Analytics.” An attacker could add script tags that could be executed when a user views the settings page.

Upgrade immediately.

Who needs backdoor access now?

So are you completely overwhelmed by all those digital vulnerabilities? And your front door doesn’t concern you?

The good news: never get locked out of your house again: upload your house key to the cloud. Ars Technica reports on KeyMe, that can cut physical keys from a smartphone photo of the original. Lost your original? Simply head to your local KeyMe kiosk and pick up a replacement. The bad news: while KeyMe kiosks will not print your key without first confirming your identity through fingerprint authentication, one can’t help but worry about the potential for illegal access. Just imagine your key going viral.

Protect your wrists!

Ok. So it won’t do much to protect your house key or your servers, but these six practical tips from David Gewirtz at ZDNet could save your poor, overworked wrists from serious injury. And THAT could make keeping out the bad guys a lot easier. Remember: Cloud Academy cares about you…not just your deployments.

Avatar

Written by

David Clinton

A Linux system administrator with twenty years' experience as a high school teacher, David has been around the industry long enough to have witnessed decades of technology trend predictions; most of them turning out to be dead wrong.


Related Posts

Chester Avey
Chester Avey
— November 7, 2019

Cloud Computing Solutions: 7 Trends for the Future

The world of cloud computing is in a state of flux. Not long ago, the cloud was considered an emerging technology, known only to IT specialists. Today it is a part of everyday life – 96% of businesses use the cloud in one form or another, and this number only looks set to grow. Whether ...

Read more
  • Cloud Computing
  • internet of everything
  • multi-cloud
  • Security
  • SEO
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups
Chester Avey
Chester Avey
— September 10, 2019

7 Key Cybersecurity Threats to Cloud Computing

When businesses consider cloud computing, one of the major advantages often cited is the fact that it can make your business more secure. In fact, in recent years many businesses have chosen to migrate to the cloud specifically for its security benefits. So, it might surprise you to lea...

Read more
  • Cybersecurity
  • Security
Avatar
Adam Hawkins
— August 9, 2019

DevSecOps: How to Secure DevOps Environments

Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...

Read more
  • AWS
  • cloud security
  • DevOps
  • DevSecOps
  • Security
Avatar
Paola Di Pietro
— July 19, 2019

Top 10 Things Cybersecurity Professionals Need to Know

There has been an increase in data breaches over the recent years. With almost 143 million Americans who have had their data compromised in data breaches. These breaches include all sorts of sensitive data, including financial information, election controversies, social security, just t...

Read more
  • Azure
  • cyber security
  • Security
Avatar
Stuart Scott
— July 18, 2019

AWS Fundamentals: Understanding Compute, Storage, Database, Networking & Security

If you are just starting out on your journey toward mastering AWS cloud computing, then your first stop should be to understand the AWS fundamentals. This will enable you to get a solid foundation to then expand your knowledge across the entire AWS service catalog.   It can be both d...

Read more
  • AWS
  • Compute
  • Database
  • fundamentals
  • networking
  • Security
  • Storage
Avatar
Adam Hawkins
— April 16, 2019

The Convergence of DevOps

IT has changed over the past 10 years with the adoption of cloud computing, continuous delivery, and significantly better telemetry tools. These technologies have spawned an entirely new container ecosystem, demonstrated the importance of strong security practices, and have been a catal...

Read more
  • DevOps
  • Security
Avatar
Adam Hawkins
— March 21, 2019

How DevOps Increases System Security

The perception of DevOps and its role in the IT industry has changed over the last five years due to research, adoption, and experimentation. Accelerate: The Science of Lean Software and DevOps by Gene Kim, Jez Humble, and Nicole Forsgren makes data-backed predictions about how DevOps p...

Read more
  • DevOps
  • Security
Avatar
Stuart Scott
— November 29, 2018

New Security & Compliance Service: AWS Security Hub

This morning’s Andy Jassy keynote was followed by the announcement of over 20 new services across a spectrum of AWS categories, including those in Security and Compliance, Database, Machine Learning, and Storage.   One service that jumped out to me was the AWS Security Hub, currently...

Read more
  • AWS
  • re:Invent 2018
  • Security
Alex Brower
Alex Brower
— October 17, 2018

Interview: Q&A with John Visneski

Security is a top priority for organizations of all types, with research firm IDC projecting 10% spending growth to $91 billion dollars in 2018. For leadership, security is important considering the cost, regulation, and reputation at stake when breaches occur. According to a joint ...

Read more
  • Security
John Visneski
John Visneski
— October 2, 2018

Building Security Teams in a Competitive Talent Market: These Are The Droids You’re Looking for

John Visneski is the Head of Security and DPO at The Pokemon Company International. If you missed the webinar we organized in collaboration with John Visneski you can still watch it on demand, simply click here.  The reasoning behind the popularity of this perspective is clear, if no...

Read more
  • Security
Albert Qian
Albert Qian
— September 25, 2018

Microsoft Ignites Cloud Industry With Nadella Keynote

On Monday, Microsoft kicked off its Ignite conference, an annual gathering of developers and IT professionals. Over the next week, attendees will learn about upcoming Microsoft innovations in IoT, artificial intelligence, machine learning, and cloud (all while getting some good networki...

Read more
  • Events
  • IoT
  • Machine Learning
  • Security