KW 44: Security risk cloud native breaches, Hundreds of thousands of vulnerabilities in virtual appliances, 58 percent of all Windows servers are not secure

NEWS

Security risk cloud native breaches: So-called cloud native breaches (CNB) pose a massive risk to companies' internal data security. They involve systems that the cloud users themselves have configured incorrectly and that can then be misused as a gateway for hacker attacks. A McAfee study on the security of IaaS environments shows that 99 percent of CNBs remain undetected by the user for a longer period of time. And even when developers can identify misconfigurations, the study found that more than 25 percent of the problems remained unsolved.
cloudcomputing-insider.de

Hundreds of thousands of vulnerabilities in virtual appliances: In the “2020 State of Virtual Appliance Security Report” by Orca Security, 2,200 virtual appliance images from 540 providers were examined for known security-critical bugs. The alarming result: Orca Security claims to have uncovered a total of 401,571 vulnerabilities when scanning 2,218 images of virtual appliances. Not even eight percent of the appliances examined were free of vulnerabilities. The most common reason: Most manufacturers failed to update or discontinue their outdated or end-of-life products in advance.
dev-insider.de

58 percent of all Windows servers are not secure: According to the company Rapid7, significantly more than half of all Windows servers are still running Windows Server 2008, although Microsoft discontinued support for the system on January 14th this year. This was the result of a systematic scan by Rapid7 of all systems accessible on the internet. The situation in China and the United States is particularly worrying, but the problem is also widespread in Germany. Once Microsoft discontinues support for a Windows Server version, that version no longer receives the routine updates against new security gaps and can therefore no longer be operated safely.
heise.de

Eset is expanding its security portfolio for private users: In the future, the Slovak security provider Eset will offer private users solutions ranging from password managers to security checks on the router, shopping with a smartphone or gaming with a PC. The password manager is to be offered as a browser extension and also be available as an app for Android and iOS devices. The “Secure Me” feature is intended to provide remote administration, so that certain actions, such as emptying the browser cache, deleting the history or closing tabs, can be carried out remotely if necessary.
it-business.de

US signs 5G security deal with Bulgaria, North Macedonia, and Kosovo: North Macedonia, Kosovo and Bulgaria signed an agreement with the United States this Friday on high-speed broadband network security. The “Clean Network” initiative aims to eliminate long-term threats to data privacy, security and human rights posed to the free world by authoritarian malign actors, such as the Chinese Communist Party, according to the US Department of State.
dw.com

ISMS: Risk-oriented security according to plan? it-zoom.de
Energy supply: Digitization offers new targets it-zoom.de
Phishing mails: Insecure employees are a risk factor zdf.de
WordPress: 5 plugins to protect against hackers t3n.de
Snyk: Security expert platform announces new SAST offer heise.de

NUMBER OF THE WEEK

According to a Bitkom survey, cyber attacks caused damage to 70 percent of companies in Germany in 2018 and 2019.
it-daily.net

BACKGROUND

Increased risk of cyber attacks in the health system: Hardly any other industry has been challenged by cyber attacks as much as the health sector. This is because healthcare organizations hold valuable and confidential information that cyber criminals sell or use to extort ransom money. In addition, security in the development and maintenance of medical devices by manufacturers is a major challenge. The greatest challenges are in the areas of “access” and “security”. This is where the Threat Aware Network comes in.
security-insider.de

IT security and the human factor: Clarification is necessary: The current trend towards home offices in Covid times shows that people are an important security factor. To shield themselves from cyber attacks, companies still rely first and foremost on investments in new IT security systems, i.e. new hardware and software. But training employees in IT security is at least as important. It is therefore all the more astonishing that 70 percent of IT security officers in Germany name the human factor and lack of security awareness as the greatest risks for companies, while at the same time 77 percent save money at precisely this point: on training.
xing.com

QUOTE

“When switching to teleworking and home office, IT security only played a subordinate role. That made it easier for many cyber criminals to attack IT systems.”
Bitkom’s Susanne Dehmel at the presentation of the management report for IT security in Germany by the Federal Office for Information Security (BSI).
it-production.com

SECURE?

Trump believes that password theft is next to impossible: According to US President Donald Trump speaking at a campaign event in Tucson, Arizona, on Monday, nobody gets hacked: “To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump said, referencing the recent suspension of C-SPAN political editor Steve Scully, who admitted falsely claiming his Twitter account was hacked this week after sending a tweet to former White House communications director Anthony Scaramucci. Trump neglected to mention that his hotel chain was hacked twice — once over a year-long period between 2014 and 2015 and again between 2016 and 2017.
techcrunch.com
