Cloud Technology and Security Alert News Digest – Issue #7

Update 2019: We’ve been busy working on some great training content around security, check out the Cloud Academy library to prepare on all-things cloud security.


Welcome to issue #7 of the Cloud Technology and Security Alert News Digest. If you thought last week’s security alerts were scary, you should definitely put your coffee down before reading further. But it’s not all bad news: at least one of our current crop of warnings has absolutely nothing to do with cloud deployment vulnerabilities. Sort of.
Icon showing a key

The (really dangerous) ties that BIND

Once again, by far the biggest deployment news of the week concerns a DNS vulnerability. I’m sure that, by now, many of you think I’m overdoing it just a bit in the network security bad news department. Turns out, according to another post by Steven J. Vaughan-Nichols at ZDNet, that I’ve actually been understating things. This time the web site behind the critical DNS provider BIND has been exposed to malware. If you’re responsible for Internet-facing servers, you CAN’T ignore this one.

Microsoft server security

And speaking of Internet security, while I’m not sure why this is news just now, nevertheless, ZDNet reports on a recent Microsoft claim that more and more “security researchers and engineers” are running MS EMET (Enhanced Mitigation Experience Toolkit) on all the systems under their control. Managing a Windows-based deployment? Think seriously about EMET.

Did you leave the back door of your house open again?

Well, even if everything in the cloud seems chaotic, we can still go home and enjoy the simplicity and safety of our connected devices. Not so fast. Ars Technica reports that at least twelve million home and business routers are vulnerable to hijack attacks. Which means, of course, that every time you log in to your super-secure cloud deployment from home, you might be exposing the whole system to whoever happens to be running your router right now.
The good news? My own home router model is not listed among those compromised.

Is privacy still possible?

The flip side of anti-malware security efforts is anti-intrusion defence. Whether you’re worried about hackers, commercial competitors, or government agencies gaining access to your data, the odds are that your sense of privacy has lately been badly eroded. Zack Whittaker at ZDNet lists some excellent free and open source privacy tools (like Gnu Privacy Guard and Off-the-Record) that are still available, and still effective.

Avatar

Written by

David Clinton

A Linux system administrator with twenty years' experience as a high school teacher, David has been around the industry long enough to have witnessed decades of technology trend predictions; most of them turning out to be dead wrong.


Related Posts

Simran Arora
Simran Arora
— August 21, 2020

Docker Image Security: Get it in Your Sights

For organizations and individuals alike, the adoption of Docker is increasing exponentially with no signs of slowing down. Why is this? Because Docker provides a whole host of features that make it easy to create, deploy, and manage your applications. This useful technology is especiall...

Read more
  • DevOps
  • Docker
  • Security
Wendy Dessler
Wendy Dessler
— July 17, 2020

VPN Encryption: How to Find the Best Solution

Each day there are 2.5 quintillion bytes of data created. People in all corners of the earth use the internet all day, every day. When we browse social media, conduct transactions, and search the web, we're leaving behind a digital footprint.  Encryption helps you protect the data yo...

Read more
  • Encryption
  • IPsec
  • Security
  • VPN
Alisha Reyes
Alisha Reyes
— July 16, 2020

Blog Digest: Which Certifications Should I Get?, The 12 Microsoft Azure Certifications, 6 Ways to Prevent a Data Breach, and More

This month, we were excited to announce that Cloud Academy was recognized in the G2 Summer 2020 reports! These reports highlight the top-rated solutions in the industry, as chosen by the source that matters most: customers. We're grateful to have been nominated as a High Performer in se...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • OWASP
  • OWASP Top 10
  • Security
  • VPCs
Bea Potter
Bea Potter
— June 10, 2020

6 Ways to Prevent a Data Breach 

The cloud is a new territory for the digital world. But with all of its benefits, there also come risks and dangers. If your business depends on the cloud to store data, you’re probably facing a number of problems about how to best secure your data. According to studies, as many as 95 p...

Read more
  • data breach
  • Security
Alisha Reyes
Alisha Reyes
— June 2, 2020

Blog Digest: 5 Reasons to Get AWS Certified, OWASP Top 10, Getting Started with VPCs, Top 10 Soft Skills, and More

Thank you for being a valued member of our community! We recently sent out a short survey to understand what type of content you would like us to add to Cloud Academy, and we want to thank everyone who gave us their input. If you would like to complete the survey, it's not too late. It ...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • OWASP
  • OWASP Top 10
  • Security
  • VPCs
Vijayakumar Athithan
Vijayakumar Athithan
— May 8, 2020

OWASP Top 10 Vulnerabilities

Over the last few years, more than 10,000 Open Web Application Security Project (OWASP) vulnerabilities have been reported into the Common Vulnerabilities and Exposures (CVE®) database each year. This is a list of common identifiers for publicly known cybersecurity vulnerabilities. Curr...

Read more
  • Machine Learning
  • OWASP
  • OWASP Top 10
  • Security
Alisha Reyes
Alisha Reyes
— April 30, 2020

Blog Digest: AWS Breaking News, Azure DevOps, AWS Study Guide, 8 Ways to Prevent a Ransomware Attack, and More

  New articles by topic AWS Azure Data Science Google Cloud  Cloud Adoption Platform Updates & New Content Security Women in Tech AWS Breaking News: All AWS Certification Exams Now Available Online As an Advanced AWS Technology Partner, C...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Daniel William
Daniel William
— April 15, 2020

8 Ways to Protect Your Data From a Ransomware Attack

Ransomware attacks have continued to grow both in scope and audacity over the past several years. This type of malware has become one of the biggest cybersecurity threats for enterprises, and experts predict the situation is only going to get worse. The WannaCry ransomware incident o...

Read more
  • attacks
  • data
  • ransomware
  • Security
Alisha Reyes
Alisha Reyes
— March 17, 2020

Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more

With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Orion Withrow
Orion Withrow
— December 17, 2019

Azure Security: Best Practices You Need to Know

When it comes to Azure Security best practices, where do you begin? In a lot of ways, Azure is very similar to any other data center. But with that said, Azure can also be very different. Securing Azure can pose many unique challenges. The security of resources hosted in Azure is of the...

Read more
  • Azure
  • azure best practices
  • azure security center
  • Security
Chester Avey
Chester Avey
— November 7, 2019

Cloud Computing Solutions: 7 Trends for the Future

The world of cloud computing is in a state of flux. Not long ago, the cloud was considered an emerging technology, known only to IT specialists. Today it is a part of everyday life – 96% of businesses use the cloud in one form or another, and this number only looks set to grow. Whether ...

Read more
  • Cloud Computing
  • internet of everything
  • multi-cloud
  • Security
  • SEO
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups