Security

Don't Allow VENOM VM Security Vulnerability to Bite Your Virtualization Platforms

Article written by David Marshall

This latest virtualization exploit is being widely reported to affect virtual machines running on hypervisor platforms such as Xen, KVM and native QEMU.

A security researcher, CrowdStrike, discovered and reported the new vulnerability, claiming it could allow a hacker to infiltrate potentially every machine on a datacenter’s network, leaving millions of virtual machines vulnerable to attack.

Hackers Not the Greatest Cloud Security Risk

Grazed from NorthEast Computer Services.  Author: Editorial Staff.

It is commonplace today to hear businesses voicing concerns about using cloud based services as though the cloud is much less secure than any system you might purchase or devise on site. In reality it is not the cloud or any other platform that determines how much of a security risk you are taking with your data.

The security of your data quite simply starts and ends with you. The commitment you make as the owner of a business to plan and do research to discover the best safety system fit for your company is easily the most important piece of the security risk puzzle. Once you have determined the most appropriate security configuration for your needs the next step is to put protocols in place from the top management on down to ensure the security systems as designed are working consistently and properly...

Cloud security reaches silicon

Grazed from MIT News.  Author: Larry Hardesty.

In the last 10 years, computer security researchers have shown that malicious hackers don’t need to see your data in order to steal your data. From the pattern in which your computer accesses its memory banks, adversaries can infer a shocking amount about what’s stored there.

The risk of such attacks is particularly acute in the cloud, where you have no control over whose applications are sharing server space with yours. An antagonist could load up multiple cloud servers with small programs that do nothing but spy on other people’s data...

Cloud Computing: New Browser Hack Can Spy On Eight Out Of Ten PCs

Grazed from Forbes. Author: Bruce Upbin.

A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.

The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker...

Security failing to keep pace with cloud technology adoption, report finds

Grazed from CloudTech. Author: James Bourne.

Cloud service providers (CSPs) can no longer treat security as a luxurious add-on, and customers have to ensure their providers take care of the issue, a new report asserts. The research, the latest cab off the rank from Ovum and FireHost entitled “The Role of Security in Cloud Adoption within the Enterprise”, offers sound advice to vendors and users alike. True, it’s stuff everyone will have heard before – but it’s worth repeating.

“On too many occasions, security has been positioned as an afterthought when new technology initiatives have been brought to market,” Ovum analyst Andrew Kellett writes. “Any service that includes access via public networks cannot ignore user and data protection requirements.”...

The Cloud Could Be Your Best Security Bet

Grazed from TechCrunch.  Author: Ron Miller.

Conventional IT wisdom says that you’re safer and more secure when you control your own on-premises datacenter. Yet if you think about every major data breach over the last two years, whether Anthem, Sony, JPMorgan or Target, all involved on-premises datacenters, not the cloud.

In fact, if a cloud service has proper controls, it could be safer than running your own datacenter. Amazon, Google, Salesforce and Box to a company have much more at stake when it comes to security. A breach could prove devastating to their businesses...

Cloud, Mobile Technology Complicating IT Security

Grazed from eWeek. Author: Nathan Eddy.

Legacy security systems and practices are often not sufficient to protect companies’ expanding use of cloud and mobile technologies, according to a CompTIA study. Malware and hacking are still the top threats causing concern, with nearly half of all companies citing these as serious concerns.

"One of the most important things that small businesses can do is to form a policy around security," Seth Robinson, senior director, technology analysis, CompTIA, told eWEEK. "Only 44 percent of SMBs say that they have a comprehensive security policy in place. The key part in forming a policy is having discussions across an organization to ensure that everyone is on the same page."...


Cloud Computing: What's the Cost of a Cyberattack?

Grazed from CFO. Author: David M. Katz.

In a February editorial about the buildup of cyberattacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” Thus, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack. In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

$104 and 8 hours of Amazon's cloud computing is all it took to hack NSA's website

Grazed from TechWorm. Author: Editorial Staff.

A group of researchers only needed $104 and 8 hours of Amazon’s cloud computing power and of course, FREAK to hack the NSA’s website. The researchers used NSA’s anti-encryption policies, which were the main reason for the newly disclosed internet flaw called FREAK, to make NSA’s own website a guinea pig.

The bug which was disclosed by Akamai and subsequently reported by Techworm on Monday allows any potential hacker to intercept a supposedly secure connection between people using Android or Apple devices and PCs using Mac OS X and Safari browser. The websites vulnerable to this flaw may be in thousands including NSA.gov, FBI.gov and Whitehouse.gov...

'Security, privacy' main barrier to 'government cloud' rollout in EU

Grazed from TheRegister. Author: Editorial Staff.

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security and privacy issues were the main reasons that "deployment of governmental cloud computing is in general at a very early stage" in the EU.

"Security and privacy issues are considered as key factors to take into account for migration, and at the same time are the main barriers for adoption," ENISA said. "Protection of sensitive data is still an issue seeking solution, spanning from the SLA provisions to the actual technological mechanisms i.e encryption etc...