Regulator unconvinced large fines are effective deterrent
Daily Archives: July 4, 2022
11 top cloud security threats
Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance’s annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. “Data breaches and data loss were the top concerns last year,” says CSA Global Vice President of Research John Yeoh. “This year, they weren’t even in the top 11.”
“What that tells me is the cloud customer is getting a lot smarter,” Yeoh continues. “They’re getting away from worrying about end results—a data breach or loss is an end result—and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them.”
Zero-day flaw in Atlassian Confluence exploited in the wild since May
Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare’s web application firewall (WAF) service, the attacks started in late May.
The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use.
HackerOne Insider Defrauded Customers
Lessons from a dual career: Happiest Minds' CISO Vijay Bharati
Vijay Bharati, CISO and senior vice president of cybersecurity practice at Happiest Minds Technologies, ranks among the few enterprise cybersecurity practitioners who handle both the overall cybersecurity business and internal security for the company.
Bharati has more than 22 years of experience across multiple domains such as identity and access management, data security, cloud security, and infrastructure security. Over the years, he has established trust and credibility with both external and internal stakeholders. In conversation with CSO India, Bharati talks about his experience working both internally and externally, how organisations can build cybersecurity from the ground up to minimize risks, and how India can bridge the security skills gap.
DSA-5175 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
DSA-5176 blender – security update
Multiple vulnerabilities have been discovered in various image parsers in Blender, a 3D modeller/renderer, which may result in denial of service or the execution of arbitrary code if a malformed file is opened.