Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities
Software vendors are often distributing their wares on virtual appliances with exploitable and fixable vulnerabilities, and running on outdated or unsupported operating systems:
The Orca Security research study found 401,571 total vulnerabilities in scanning 2,218 virtual appliance images from 540 software vendors.
The research has started to move the cloud security industry to a safer future. Since alerting vendors of these risks, 287 products have been updated and 53 removed from distribution, leading to 36,938 discovered vulnerabilities being addressed.
For example, Dell EMC issued a critical security advisory; Cisco published fixes to 15 found security risks; and IBM, Symantec, Kaspersky Labs, Oracle, Splunk, ZOHO and Cloudflare all removed outdated or vulnerable virtual appliances.
The “Orca Security 2020 State of Virtual Appliance Security” report found that as evolution to the cloud is accelerated by digital transformation across industries, keeping virtual appliances patched and secured has fallen behind. The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems.
To help move the cloud security industry towards a safer future and reduce risks for customers, Orca Security analyzed 2,218 virtual appliance images from 540 software vendors for known vulnerabilities and other risks to provide an objective assessment score and ranking.
Virtual appliances are an inexpensive and relatively easy way for software vendors to distribute their wares for customers to deploy in public and private cloud environments.
“Customers assume virtual appliances are free from security risks, but we found a troubling combination of rampant vulnerabilities and unmaintained operating systems,” said Avi Shua, Orca Security CEO and co-founder. “The Orca Security 2020 State of Virtual Appliance Security Report shows how organizations must be vigilant to test and close any vulnerability gaps, and that the software industry
Apple’s iPhone 12 series launches in less than two days, but excitement about their release has been curtailed following multiple leaks detailing design compromises and cost cutting. But the biggest fear was just crushed.
Following leaks that Apple will equip the iPhone 12 range with smaller batteries than their predecessors, prolific industry insider Max Weinbach has confirmed “finalized and revised” information about the models, revealing they will somehow deliver better battery life than the iPhone 11 series. This is massive news, given poor battery life is a deal breaker for many users.
Weinbach, via his PineLeaks account, states that iPhone 12 upgraders should “expect at least a 1 hour battery life increase for the Pro models”. This is a remarkable achievement considering they also have power-draining 5G modems, which have forced rivals to fit significantly larger batteries just to stand still (hat tip to Apple’s remarkable new A14 chipset). Weinbach says the exception is the all-new iPhone 12 mini which will “perform worse than the current iPhone 11, which is expected because of its [smaller] form factor.”
That said, it isn’t all good news. The leaker also retweeted a claim by respected tipster Jon Prosser that the iPhone 12 range will miss out on 120Hz ProMotion displays and the decision was “100% about battery life.” Prosser explains that the “Hardware was more than capable – but it just eats through battery, and 5G drains enough battery by itself. It was basically a choice between 120Hz or 5G, and they picked 5G.”
Prosser goes on to say this was the right decision because “5G is
Software heavyweight Aveva reveals drop in sales due to foreign exchange shifts and delayed contracts
Industrial software giant Aveva Group has said it predicts foreign exchange headwinds and the slippage of contracts to cause first-half revenues to be significantly lower.
The Cambridge-based company believes revenues will end up at around £333million in the six months to the end of September against £391million in the same period last year.
Shares fell 5.3 per cent to £45.23 after it revealed that results were affected by harmful foreign exchange headwinds and by two medium-sized subscription deals, expected in the second quarter, sliding into the third quarter.
But Aveva still said that it managed to perform ‘creditably’ and has not altered its outlook for the 2021 financial year.
It wrote: ‘Notwithstanding Covid-19 related disruption, there has been solid demand for AVEVA’s software due to its ability to drive efficiency, flexibility and sustainability for customers across a wide range of industries.’
Orders and revenue growth for the remainder of the year are nevertheless expected to be strong, thanks to contract slippage as well as a higher level of renewed contracts, including large-scale global accounts.
In a separate announcement, the FTSE 100 firm revealed it had completed the syndication of a £250million revolving credit facility concerning its planned purchase of OSIsoft with numerous banks such as HSBC and J.P. Morgan.
Another $900million loan that was due to be provided by the banks will instead come straight from Schneider Electric, which controls around 60 per cent
U.S. Department Of Justice Reveals Growing Bitcoin And Crypto National Security Threat Could Herald ‘Oncoming Storm’
Bitcoin and cryptocurrency use by terrorists, rogue nations and other criminals has grown in recent years—with high-profile attacks drawing international attention.
The illicit use of bitcoin and cryptocurrency ranges from money laundering and tax evasion to extortion, with cyber criminals increasingly demanding bitcoin and crypto payments in ransomware attacks on computer systems.
Now, the U.S. Department of Justice (DOJ) has warned that the emergence of bitcoin and similar cryptocurrencies is a growing threat to U.S. national security, with Attorney General William Barr’s Cyber-Digital Task Force calling it the “first raindrops of an oncoming storm.”
“Current terrorist use of cryptocurrency may represent the first raindrops of an oncoming storm of expanded use,” the Cyber-Digital Task Force said in a report that found bitcoin and cryptocurrencies pose an emerging challenge to law enforcement activities. “Cryptocurrency also provides bad actors and rogue nation states with the means to earn profits.”
The DOJ report, titled Cryptocurrency: An Enforcement Framework and published by the Attorney General’s Cyber-Digital Task Force last week, found bitcoin and cryptocurrencies have been used to support terrorism, purchase illicit items, conduct blackmail, extortion and cryptojacking, and launder funds.
Investigators also said bitcoin and cryptocurrencies could be “detrimental to the safety and stability of the international financial system.”
The response of U.S. and international law enforcement has been held back by inconsistent regulation country-to-country. The DOJ has spent the last two years determining how best to address these issues, according to the document that “outlines the Department’s response strategies.”
The Milken Institute and The Harris Poll today released the findings of a joint research program called “The Listening Project,” finding a global void in leadership as the COVID-19 pandemic has killed more than one million people worldwide and has crippled international economies.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20201011005060/en/
Source: Milken Institute and The Harris Poll, “The Listening Project”
The global survey, which was conducted in two phases (before and during COVID-19*) among nearly 30,000 people across 27 countries, found “access and affordability to healthcare” and “communicable/infectious disease containment and prevention” tied as the top two priorities on the list. “Corruption and transparency” rose to the third most urgent problem, as citizens became frustrated with government’s handling of COVID-19 around the globe.
“The Listening Project” demonstrates the widespread lack of support for how countries have handled COVID-19. For example:
Globally, 71% of respondents said “this is the lowest point in my country’s history.”
Nearly two-thirds of people say that “their leaders are out of touch with the rest of the country” (63%) and that “the people running the country don’t really care what happens to me” (62%).
Out of 12 countries surveyed in September, in only three (Malaysia, China, and India) did more than half of the respondents strongly support their country’s handling of the pandemic.
In the U.S., only 29% of respondents strongly support the country’s response.
“‘The Listening Project’ confirms the most urgent global priorities for which we and our partners across corporate, government, and philanthropic sectors must develop solutions,” said Richard Ditizio, President and COO of the Milken Institute. “Through the Milken Institute’s convening and programmatic platforms, we help leaders, experts, and influencers step up to the challenges in front of us, whether it’s rapidly developing vaccines and treatments, increasing access