Cloud News, Articles and Updates

Modernizing Government Technology Act intro hailed by lawmakers, cyber industry

A bipartisan group of U.S. representatives from the House Information Technology Subcommittee has reintroduced the Modernizing Government Technology (MGT) Act designed to modernize the federal IT infrastructure while eliminating wasteful spending.

Zscaler fixes XSS vulnerability in admin portal affecting co-workers

Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.

Apple silently uploads iPhone call logs to iCloud Drive

Researcher at the Russia proactive software firm Elcomsoft found that iPhones silently upload call logs to iCloud.

SC Awards Finalists 2017

Data of SMBs at risk in free cloud storage, study

A significant percentage of SMBs are taking advantage of the convenience and cost savings afforded by free cloud storage solutions, according to a new study, but the security of stored information, particularly financial data and health records, could be at risk.

Study finds malware lurking in Amazon, Google and Groupon cloud services

A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms.

SEO spam injects backdoor code on WordPress sites

Security researchers discovered a search engine spam campaign that plays on WordPress administrators' use of the XML-RPC infrastructure.

Survey: Cloud security concerns linger, but not enough to stop adoption

Companies are increasingly willing to migrate their applications, data and processes to the cloud in spite of lingering security concerns, according to a new survey of Canadian senior-level IT practitioners.

Wix patches DOM XSS flaw

A security researcher discovered a severe XSS flaw in code used by the website builder Wix that could cause a worm affecting websites created by users of the DIY website platform.

Cybercriminals find many safe havens

The long arm of the law isn't so long after all when it comes to hunting cybercriminals, Bradley Barth reports.

CloudFanta campaign suspected of stealing 26K email credentials

Researchers spotted a variant of malware campaign dubbed "CloudFanta" which may have been used to steal 26,000 email credentials

Are Mirai DDoS attacks a wake-up call for IoT industry?

Friday's DDoS attacks that created major website outages across the Internet may prove to be a watershed moment for the Internet of Things industry, after years of warnings - mostly ignored - about the glaring vulnerabilities in IoT devices.

DDoS attack Friday hits Twitter, Reddit, Spotify and others

The East Coast was under siege on Friday morning from a large-scale distributed denial of service attack (DDoS) that brought down a number of prominent websites, including Twitter, Spotify, Netflix, GitHub, Amazon and Reddit.

'Biggest ever' pan-European cyber-security exercise concludes today

CE2016, the fourth in a semi-annual series of pan-European cyber-security exercises organised by ENISA, has concluded today, bringing to a close six months of activity.

Unsecured database lets hacker expose 58 million plus records from data management firm

A hacker scanning for unsecured databases has compromised at least 58 million records - and possibly as many as 258 million - from Modern Business Solutions, a data management and monetization firm.

Security and business continuity are top concerns when moving to cloud

Sixty-two percent of organisations leave data protection and availability of in-cloud data to third-party cloud providers.

Patch Tuesday: Adobe fixes critical Flash Player, Acrobat and Reader vulnerabilities

Adobe's October Patch Tuesday roll out featured three bulletins covering 84 vulnerabilities for Flash Player, Reader, Acrobat and Creative Cloud Desktop Application with all but one being rated as critical.

40 apps containing DressCode malware family found on Google Play

Researchers discovered 40 applications in the Google Play store that contain a new family of malware, dubbed DressCode.

OneLogin confirms bug which allows access to Secure Notes

OneLogin has confirmed that a bug has allowed a hacker to view some of its customers' encrypted Secure Notes.

Dropbox commended for its handling of massive data breach involving 68M users

Dropbox is being commended by security pros for its handling of a massive data breach that has exposed the login credentials of 68 million users.

Kaspersky patches DoS and kernel flaws affecting drivers

A series of flaws affecting the consumer security suite Kaspersky Internet Security was patched by Kaspersky Lab.

Two-thirds of IT security pros surveyed expect a breach to hit their company, report

While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.

Cisco shedding 7% of its workforce

The world's biggest networking equipment company, Cisco Systems, will layoff about 5.5K employees.

Half of enterprises ill-prepared for inside attack, study

Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.

Researcher accidentally sent solar development device, says he can shut down electricity generation facilities

Security researcher Fred Bret-Mounet found vulnerabilities affecting the management unit on his home's solar array, a device that monitors solar panels over the internet.

O2 confirms USBs distributed in marketing campaign contain virus

USB pens distributed by the U.K.-based mobile network O2 as part of a promotional campaign for an eBook were discovered to contain a "Windows specific virus", according to a company statement.

U.K. testing social media logins for authentication

To enhance the use of its web portal, gov.uk, the U.K. government is testing the use of its subscribers' social media logins as an authentication method.

Cerber ransomware C&C server shut down by research firm and CERT-Netherlands

A malicious spam email campaign discovered by FireEye, used Microsoft Word attachments containing macros that launched a command and control Cerber installers.