Cyber Security Today: Secure computing enclave from Google, more attacks on Drupal

A secure computing enclave platform from Google, more attacks on Drupal content management systems and change your Twitter password

We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Monday May 7th.  To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Subscribe to Cyber Security Today on Google Play Subscribe to Cyber Security Today on Apple Podcasts

 

Hackers go after important data held by organizations. But to get there they often have to go through the IT infrastructure, including the operating system. Encryption helps, but for some companies isn’t enough. Google is now offering an additional way of protection. It has created a way for organizations to create a trusted computing environment by using an open source framework it calls Asylo. Creating a trusted enclave isn’t new. But it wasn’t easy. Google says its new tools make it simpler. Asylo will verify software code integrity, provide isolation for sensitive workloads and offer communication encryption tools. It’s still early. We’ll see if IT departments take advantage.

A week ago I talked about the need for administrators of Drupal content management systems to patch their servers against the “Drupalgeddon 2.0” vulnerability. Here’s another reason: Researchers at Imperva have discovered a malware that tries to plant a cryptocurrency miner on servers that run Drupal. And last month it also found the malware trying to attack servers running the vBulletin content management system. If successful, the malware tries to install the mining software on any person’s browser that visits the infected Web site. That’s cunning, because the purpose of a content manager is to host content for Web sites. Imperva dubs this malware “Kitty” because the mining script is called “meow.” Administrators have to patch content management systems as soon as possible. And end users have to watch for signs their computers are slowing. Maybe they’ve been exploited.

Finally, by now I hope Twitter listeners have got the message from the company and changed their passwords. Twitter usually scrambles users passwords for protection. But last week it discovered a bug in the procedure copied the clear passwords to an internal company log before being encrypted. There’s no evidence, the company said, that log was disclosed to an attacker. But out of caution Twitter told users to change passwords. Would Twitter have done this had the company not been in the spotlight recently? Who knows. But it’s good publicity that it moved so fast. Other companies should learn.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast