News Roundup: Week of Jan 12, 2020

16 Jan 2020

Register Security Roundup

The recent Register security roundup highlighted issues with the Citrix vulnerability, TikTok security bugs and holes, and the Honey shopping addon being flagged as a security risk by Amazon, among other things. The Citrix security hole has created a situation where “up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.” We highly recommend double-checking to make sure you’ve addressed the situation effectively, as “A full patch for the hole is not due to be released by Citrix until January 20.”

Google Cloud Introduces Premium Support Plan

In a recent blog post, Google announced the introduction of a Premium Support Plan for enterprise customers in order to bring itself up to par with support tiers from the likes of AWS and Azure. The promised 15-minute response time for P1 issues is now the industry standard across the board. The introduction of third-party technology support and the promise of “Content aware expertise” should help to increase the overall quality and efficacy of Google’s support.

U.S. Financial Regulators Scrutinizing Cloud Data

A recent article from the Wall Street Journal calls attention to increased auditing scrutiny from U.S. financial regulators concerning how firms manage data stored in the cloud. The article cites the Capital One breach as well as the recent Facebook breach as obvious contributing factors. The SEC is hoping that its increased pressure will lead firms to properly and securely handle data in the cloud, especially as elected officials move to “label big cloud providers as systemically important because of their increasingly critical role in the industry.”

AWS Moves to Block JEDI Progress

According to a recent Federal Times article, “Amazon Web Services will ask a federal court to block the Pentagon and Microsoft from beginning work on the Department of Defense’s controversial enterprise cloud, according to a Jan. 13 court filing.” The grounds for this motion are allegations from AWS “in a December complaint that the contract award to Microsoft was influenced by President Donald Trump.” AWS has presented evidence in the form of “videos of Trump bashing Amazon in a 2016 campaign rally and saying ‘we’re going to take a look at it [the contract]’ in the Oval Office last summer.”

Microsoft’s 2020 Patch for Windows

KrebsOnSecurity recently published an article analyzing Microsoft’s first significant 2020 patch for Windows operating systems. The patch included “updates to plug 50 security holes in various flavors of Windows and related software.” KrebsOnSecurity highlights a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19, noting that the “NSA says the flaw may have far more wide-ranging security implications.” We highly recommend backing up and updating your systems as necessary to address this vulnerability.