Update 2019: We’ve been busy working on some great training content around security. Check out the Cloud Academy library to prepare on all things cloud security.
Welcome to the second issue of the Cloud Technology and Security Alert News Digest. Today it’s security, security, security: we’ll discuss dangerous malware plugins and themes aimed at CMS administrators, security in the Internet of Things, private webcams left wide open, and the coming marriage of SQL-NoSQL.
Malware plugins and themes for popular CMS
Security Week reports on a new white paper published by the Dutch security firm Fox-IT, describing the existence of plugins and themes – some claiming to be pirated versions of popular commercial packages – for Drupal, WordPress, and Joomla. The software includes built-in backdoors that open the site to external control. The Security Week article includes important identifying information.
SQL and NoSQL
Simon Bisson over at ZDNet just posted an interesting discussion about converging use cases and feature sets between SQL and NoSQL databases. With exploding volumes of data coming into play and our ever more complicated reliance on data resources, this trend can only pick up speed.
Internet of Things
According to ZDNet, IBM’s X-Force Threat Intelligence Quarterly has proposed a five-point security model implementation to counter some of the very real and current threats to devices attached to the “Internet of Things.” All of us – no matter which industry segment we serve – would do well to adopt these guidelines.
At least change your password, stupid!
Though it has since shut down, a Russian-based web site was offering open links to thousands of webcams and CCTVs from around the world – many of them monitoring children’s bedrooms and living spaces. The trick? The BBC reports that the site owner didn’t have to do any hacking, but simply relied on out-of-the-box protocols and default passwords.
Ed Bott at ZDNet makes a powerful case for imposing multi-factor authentication on your deployments. In fact, I push for the same thing over at my AWS IAM course, as it can greatly improve the security of your application and help to make a more robust architecture.