Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment. [TechWeb]( Follow Dark Reading: [RSS]( May 21, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms]( An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment. [Google Pitches Workspace as Microsoft Email Alternative, Citing CSRB Report]( The new Secure Alternative Program from Google aims to entice customers away from Exchange Online and break Microsoft's dominance in the enterprise. [Android Banking Trojan Antidot Disguised as Google Play Update]( Antidot uses overlay attacks and keylogging to target users' financial data. [CyberArk Picks Up Machine Identity Manager Venafi for $1.54B]( The acquisition gives CyberArk new IoT identity and certificate life-cycle management, cryptographic code-signing, and other services to secure the enterprise cloud. [Students Spot Washing Machine App Flaw That Gives Out Free Cycles]( UCSC students say that after reporting the bug months ago, they're still able to rack up unlimited free wash loads at their local laundromat. American Enterprises Can Learn From Europe's GDPR Mistakes]( As the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe's costly missteps. [(Sponsored Article) Integrating Data Security Into the Security Operations Center]( Attackers have one motive: gaining access to the most critical data in the organization. It's time to bring data security into the SOC experience. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR's podcast on the CISO & the SEC; breaking down CISA's Secure by Design Pledge; Singapore puts cloud providers on notice. [Whose Data Is It Anyway? Equitable Access in Cybersecurity]( Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data. [Intel Discloses Max Severity Bug in Its AI Model Compression Software]( The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems. [There Is No Cyber Labor Shortage]( There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places. [MORE]( PRODUCTS & RELEASES [HP Catches Cybercriminals 'Cat-Phishing' Users]( [NRECA Receives $4M in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness]( [Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc.]( [ZeroRisk Cybersecurity Expands Global Presence With US Launch]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days]( A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details. LATEST FROM THE EDGE [Transforming CISOs Into Storytellers]( Faced with chilling new SEC rules, chief information security officers are learning soft skills to help them better communicate cybersecurity concerns with the C-suite. LATEST FROM DR TECHNOLOGY [OpenSSF Siren to Share Threat Intelligence for Open Source Software]( The Siren email mailing list will focus on operational impact and response and act as a central location to provide information about threats and necessary post-disclosure activities. LATEST FROM DR GLOBAL [DoJ Shakes Up North Korea's Widespread IT Freelance Scam Operation]( Fraudsters based in the US and Europe indicted for helping North Korea's nation-state groups establish fake freelancer identities and evade sanctions. WEBINARS - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( - [Securing Code in the Age of AI]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Generative AI Gifts]( - [SecOps Checklist]( - [2023 Global Threat Report]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [A Short Primer on Container Scanning]( - [A Short Primer on Container Scanning]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123606&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.21.24&sp_cid=53583&utm_content=DR_NL_Dark%20Reading%20Daily_05.21.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#42 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)