Cloud

Vulnerabilities

Issued by: Security Week

Go, or Golang, is an open source programming language designed for building reliable and efficient software at scale. Supported by Google, Go is leveraged by some of the world’s largest companies and it’s often used to develop cloud-native apps, including for Kubernetes. Oxeye researchers have conducted an analysis of Go-based cloud-native applications and discovered an…

Application Security

Issued by: Dark Reading

Authentication used to be binary: I give you access or I don’t give you access. But with the rise of remote/hybrid work and the growing number of cloud applications in use, organizations need an even more precise approach to authentication, says Ash Devata, vice-president and general manager of Cisco Zero Trust and Duo Security. “Every…

Vulnerabilities

Issued by: Dark Reading

Researchers have discovered a denial-of-service (DoS) vulnerability in Envoy Proxy, which gives attackers the opportunity to crash the proxy server. This could lead to performance degradation or unavailability of resources handled by the proxy, according to JFrog Security Research, which disclosed the vulnerability (CVE-2022-29225). Envoy is a widely used open source edge and service proxy…

Cloud Security

Issued by: Dark Reading

The pandemic-propelled shift to work-from-home and bring-your-own-devices accelerated the already expanding move to the cloud. IDC predicts that global cloud spending will grow from $703 billion in 2021 to $1.3 trillion in 2025. Statista reports that the percentage of corporate data stored on the cloud rose from 30% in 2015 to 48% at the beginning…

Cloud Security

Issued by: CIO Security

As organisations pivot to hybrid working models, cloud collaboration tools have proved they are scalable, secure, and resilient – finally dispelling any lingering concerns that the technology is not yet enterprise ready. In fact, one of the key messages from the recent CIO Cloud Transformation Summit was that this technology has dramatically transformed the business…

Cloud Security

Issued by: Dark Reading

RSAC 2022, Gartner SRM 2022, and Los Angeles, Calif. – Jun 2, 2022 – Gurucul, the leader in Next-Gen SIEM, XDR, UEBA and Identity Access Analytics, today announced availability of the Gurucul Security Analytics and Operations Platform. A cloud-native, unified and modular platform for consolidating core security operations center (SOC) solutions with the vital addition…

Vulnerabilities

Issued by: Security Week

The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request. Many versions of Jira are affected, but the vendor noted that…

Network Security

Issued by: CIO Security

It sounds like a nearly perfect cybersecurity solution: Intercept incoming data before it reaches the user’s web browser; isolate it in a secure sandbox; and send only the screen images—or pixels—to the browser. The ephemeral server is fully isolated from the organization’s IT assets and data, and its browser sessions are destroyed when the user…