Update 2019: We’ve been busy working on some great training content around security, check out the Cloud Academy library to prepare on all-things cloud security.
Welcome to the Cloud Technology and Security Alert News Digest. This week we’ll discuss vulnerabilities. And more vulnerabilities. Fortunately, each of the current crop of server flaws has an available patch.
More OpenSSL pain
According to ZDNet, If you’re using an operating system that runs OpenSSL 1.0.2 (or 1.0.1, 1.0.0 and 0.9.8, for that matter), then you’re going to want to upgrade to OpenSSL 1.0.2a pretty quickly. Version 1.0.2a includes patches for twelve vulnerabilities, with the most serious of them (ClientHello sigalgs DoS – CVE-2015-0291) capable of exposing servers to full denial of service attacks.
“Windows Live” may be a bit too lively
A curious IT professional in Finland stumbled upon a hole in Windows Live security that “allowed him to automatically receive sensitive certificates from browser-trusted certificate authority Comodo.”
According to Ars Technica, when the fellow contacted both Finish authorities and multiple recipients at Microsoft informing them of the flaw, he was ignored. He only learned that his emails had even been noticed some six weeks later when his entire Live account was frozen.
Internet security is in the safest hands.
And now: WordPress
A serious vulnerability has been discovered in the wildly popular Yoast WordPress plugin (which guides writers through the search engine optimization process). ZDNet reports that the flaw makes it possible “to override existing OAuth2 credentials used by the plugin to pull data from Google Analytics.” An attacker could add script tags that could be executed when a user views the settings page.
Who needs backdoor access now?
So are you completely overwhelmed by all those digital vulnerabilities? And your front door doesn’t concern you?
The good news: never get locked out of your house again: upload your house key to the cloud. Ars Technica reports on KeyMe, that can cut physical keys from a smartphone photo of the original. Lost your original? Simply head to your local KeyMe kiosk and pick up a replacement. The bad news: while KeyMe kiosks will not print your key without first confirming your identity through fingerprint authentication, one can’t help but worry about the potential for illegal access. Just imagine your key going viral.
Protect your wrists!
Ok. So it won’t do much to protect your house key or your servers, but these six practical tips from David Gewirtz at ZDNet could save your poor, overworked wrists from serious injury. And THAT could make keeping out the bad guys a lot easier. Remember: Cloud Academy cares about you…not just your deployments.
6 Ways to Prevent a Data Breach
The cloud is a new territory for the digital world. But with all of its benefits, there also comes risks and dangers. If your business depends on the cloud to store data, you’re probably facing a number of problems about how to best secure your data. According to studies, as many as 95 ...
Blog Digest: 5 Reasons to Get AWS Certified, OWASP Top 10, Getting Started with VPCs, Top 10 Soft Skills, and More
Thank you for being a valued member of our community! We recently sent out a short survey to understand what type of content you would like us to add to Cloud Academy, and we want to thank everyone who gave us their input. If you would like to complete the survey, it's not too late. It ...
OWASP Top 10 Vulnerabilities
Over the last few years, more than 10,000 Open Web Application Security Project (OWASP) vulnerabilities have been reported into the Common Vulnerabilities and Exposures (CVE®) database each year. This is a list of common identifiers for publicly known cybersecurity vulnerabilities. Curr...
Blog Digest: AWS Breaking News, Azure DevOps, AWS Study Guide, 8 Ways to Prevent a Ransomware Attack, and More
New articles by topicAWS Azure Data Science Google Cloud Cloud Adoption Platform Updates & New Content Security Women in TechAWSBreaking News: All AWS Certification Exams Now Available Online As an Advanced AWS Technology Partner, C...
8 Ways to Protect Your Data From a Ransomware Attack
Ransomware attacks have continued to grow both in scope and audacity over the past several years.This type of malware has become one of the biggest cybersecurity threats for enterprises, and experts predict the situation is only going to get worse. The WannaCry ransomware incident o...
Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more
With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...
Azure Security: Best Practices You Need to Know
When it comes to Azure Security best practices, where do you begin? In a lot of ways, Azure is very similar to any other data center. But with that said, Azure can also be very different. Securing Azure can pose many unique challenges. The security of resources hosted in Azure is of the...
Cloud Computing Solutions: 7 Trends for the Future
The world of cloud computing is in a state of flux. Not long ago, the cloud was considered an emerging technology, known only to IT specialists. Today it is a part of everyday life – 96% of businesses use the cloud in one form or another, and this number only looks set to grow. Whether ...
AWS Security Groups: Instance Level Security
Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...
7 Key Cybersecurity Threats to Cloud Computing
When businesses consider cloud computing, one of the major advantages often cited is the fact that it can make your business more secure. In fact, in recent years many businesses have chosen to migrate to the cloud specifically for its security benefits. So, it might surprise you to lea...
DevSecOps: How to Secure DevOps Environments
Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...
Top 10 Things Cybersecurity Professionals Need to Know
There has been an increase in data breaches over the recent years. With almost 143 million Americans who have had their data compromised in data breaches. These breaches include all sorts of sensitive data, including financial information, election controversies, social security, just t...