As anyone who has worked on a cross-functional team with no clear owner knows, “shared” or “joint” responsibility often means that everyone assumes that someone else is taking care of the problem. Without clear effort to make sure that nothing falls between the two (or more) teams, something always gets missed.
The shared responsibility model and cloud service providers
The cloud services “shared responsibility” model goes something like this: the cloud provider protects everything below a certain level (typically the infrastructure and the provider's own software) and is responsible for securing it. Consider that the foundation of your house. You, the customer, are responsible for protecting everything above the foundation—securing the house itself, if you will.
The Cloud Security Alliance (CSA) recently published the Software-Defined Perimeter (SDP) 2.0 specification, which was created by its SDP and zero-trust working groups. Given that the original specification was published in 2014 and that the industry has shown eagerness to adopt zero trust, this update is timely. SDP is closely tied to implementing a zero-trust architecture, and what follows are the key aspects of SDP 2.0 in zero-trust environments that CISOs and other security leaders need to know.
Costa Rica’s outgoing president, Carlos Alvarado Quesada, has said that a ransomware attack on the government’s computer systems was an attempt to destabilise the country as it transitions to a new administration.
Read more in my article on the Hot for Security blog.
Aiming to reduce affiliate fraud and mitigate privacy risks, web and internet security company Akamai has released Audience Hijacking Protector, a cloud-based solution designed to minimize in-browser marketing fraud by blocking unwanted redirections such as unauthorized ads and pop-ups.
Promising protection from possible revenue loss and disrupted customer experiences, the new hijacking protector, generally available now, offers features to defend against unwanted redirection of customers to competing and malicious websites.
“The browser is often an ignored area for application behavior control,” says Patrick Sullivan, CTO of security strategy at Akamai. “But in-browser protections are a key area for effective business and security controls. Audience Hijacking Protector gathers unique data that generates actionable insights to maximize revenue opportunities and minimize fraud.”
Douglas Mendizábal discovered that Barbican incorrectly handled access
restrictions. An authenticated attacker could possibly use this issue to
consume protected resources and possibly cause a denial of service.
(CVE-2022-23451, CVE-2022-23452)
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url parameter before redirecting users to it, leading to an open redirect issue.