Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities

NEWS HIGHLIGHTS

Software vendors are often distributing their wares on virtual appliances with exploitable and fixable vulnerabilities, and running on outdated or unsupported operating systems:

  • The Orca Security research study found 401,571 total vulnerabilities in scanning 2,218 virtual appliance images from 540 software vendors.

  • The research has started to move the cloud security industry to a safer future. Since alerting vendors of these risks, 287 products have been updated and 53 removed from distribution, leading to 36,938 discovered vulnerabilities being addressed.

  • For example, Dell EMC issued a critical security advisory; Cisco published fixes to 15 found security risks; and IBM, Symantec, Kaspersky Labs, Oracle, Splunk, ZOHO and Cloudflare all removed outdated or vulnerable virtual appliances.

The “Orca Security 2020 State of Virtual Appliance Security” report found that as evolution to the cloud is accelerated by digital transformation across industries, keeping virtual appliances patched and secured has fallen behind. The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems.

To help move the cloud security industry towards a safer future and reduce risks for customers, Orca Security analyzed 2,218 virtual appliance images from 540 software vendors for known vulnerabilities and other risks to provide an objective assessment score and ranking.

Virtual appliances are an inexpensive and relatively easy way for software vendors to distribute their wares for customers to deploy in public and private cloud environments.

“Customers assume virtual appliances are free from security risks, but we found a troubling combination of rampant vulnerabilities and unmaintained operating systems,” said Avi Shua, Orca Security CEO and co-founder. “The Orca Security 2020 State of Virtual Appliance Security Report shows how organizations must be vigilant to test and close any vulnerability gaps, and that the software industry

U.S. Department Of Justice Reveals Growing Bitcoin And Crypto National Security Threat Could Herald ‘Oncoming Storm’

Bitcoin and cryptocurrency use by terrorists, rogue nations and other criminals has grown in recent years—with high-profile attacks drawing international attention.

The illicit use of bitcoin and cryptocurrency ranges from money laundering and tax evasion to extortion, with cyber criminals increasingly demanding bitcoin and crypto payments in ransomware attacks on computer systems.

Now, the U.S. Department of Justice (DOJ) has warned the emergence of bitcoin and similar cryptocurrencies is a growing threat to U.S. national security, with the attorney general William Barr’s Cyber-Digital Task Force calling it the “first raindrops of an oncoming storm.”

MORE FROM FORBESNeither Trump Nor Biden Will Help The U.S. Dollar, Warns Early Facebook Exec-Calls Bitcoin An ‘Insurance Policy’

“Current terrorist use of cryptocurrency may represent the first raindrops of an oncoming storm of expanded use,” the Cyber-Digital Task Force said in a report that found bitcoin and cryptocurrencies pose an emerging challenge to law enforcement activities. “Cryptocurrency also provides bad actors and rogue nation states with the means to earn profits.”

The DOJ report, titled Cryptocurrency: An Enforcement Framework and published by the Attorney General’s Cyber-Digital Task Force last week, found bitcoin and cryptocurrencies have been used to support terrorism, purchase illicit items, conduct blackmail and extortion, cryptojacking and launder funds.

Investigators also said bitcoin and cryptocurrencies could be “detrimental to the safety and stability of the international financial system.”

The response of U.S. and international law enforcement has been held back by inconsistent regulation country-to-country. The DOJ has spent the last two years determining how best to address these issues, according to the document that “outlines the Department’s response strategies.”

MORE FROM FORBES‘High Risk’ Warning: A Major

COVID-19 Impact Reveals Global Leadership Crisis, According to New Global Survey

The Milken Institute and The Harris Poll today released the findings of a joint research program called “The Listening Project,” finding a global void in leadership as the COVID-19 pandemic has killed more than one million people worldwide and has crippled international economies.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20201011005060/en/

Source: Milken Institute and The Harris Poll, “The Listening Project”

The global survey, which was conducted in two phases (before and during COVID-19*) among nearly 30,000 people across 27 countries, found “access and affordability to healthcare” and “communicable/infectious disease containment and prevention” tied as the top two priorities on the list. “Corruption and transparency” rose to the third most urgent problem, as citizens became frustrated with government’s handling of COVID-19 around the globe.

“The Listening Project” demonstrates the widespread lack of support for how countries have handled COVID-19. For example:

  • Globally, 71% of respondents said “this is the lowest point in my country’s history.”

  • Nearly two-thirds of people say that “their leaders are out of touch with the rest of the country” (63%) and that “the people running the country don’t really care what happens to me” (62%).

  • Out of 12 countries surveyed in September, in only three (Malaysia, China, and India) did more than half of the respondents strongly support their country’s handling of the pandemic.

  • In the U.S., only 29% of respondents strongly support the country’s response.

“‘The Listening Project’ confirms the most urgent global priorities for which we and our partners across corporate, government, and philanthropic sectors must develop solutions,” said Richard Ditizio, President and COO of the Milken Institute. “Through the Milken Institute’s convening and programmatic platforms, we help leaders, experts, and influencers step up to the challenges in front of us, whether it’s rapidly developing vaccines and treatments, increasing access

Sony finally reveals which PS4 games won’t work on PS5

Sony has been saying for months that the vast majority of PS4 games will work on PS5 through backwards compatibility, and it’s good to get some clarity on those that won’t work. Microsoft, on the other hand, says titles going all the way back to the original Xbox will work on Xbox Series X and Series S.

There are some other details about the PS5 backwards compatibility on Sony’s support page. Some PS4 games will get a bit of an upgrade, thanks to the PS5’s Game Boost feature, which seems similar to the PS4 Pro’s Boost Mode. Compatible titles will run more smoothly and/or have a higher frame rate.

Certain features in some titles might not work on PS5 (though Sony didn’t go into specifics), and you might run into “errors or unexpected behavior” while playing PS4 games. The company suggests testing your PS4 games on PS5 before buying any add-ons or DLC you want to pick up. Sony is also urging players to keep their PS5 up to date with the latest version of the firmware, which will hopefully keep any compatibility issues to a minimum.

As Sony previously confirmed, you’ll still be able to use your PlayStation VR setup for PS VR games. The PS5 supports DualShock 4 controllers, but only for PS4 games. The Platinum and Gold Wireless Headsets also work with the next-gen console.

When it comes to games you’ve downloaded onto your PS4 and your saved data, you can transfer all of that to your PS5 over WiFi. You’ll also be able to play PS4 games directly from a supported external storage drive.

Source Article

AMD Reveals “World’s Best Gaming CPU” With Ryzen 5000 Series

AMD has officially revealed its slate of Zen 3-powered desktop CPUs, skipping the 4000 series and jumping right into the new Ryzen 5000 series. The company revealed 4 new CPUs in total, boasting that the Ryzen 5900 is now the “world’s best gaming CPU.”

The big difference with the new Zen 3 architecture is the increase in instructions per cycle, letting CPUs with the same core frequencies and core counts perform a lot better. Compared to Zen 2, which powers the current Ryzen 3000 series, Zen 3 achieves 19% more IPC, converting to an average of nearly 26% more performance in gaming alone when moving to the Ryzen 5000 series.

The jump between generations alone is massive, but it’s Intel’s gaming crown that AMD really aimed for during the presentation. The flagship of the Ryzen 5000 series, the Ryzen 3950X, doesn’t match the Intel Core i9-10900K in sheer single-core speed (4.9Ghz vs. Intel’s peak of 5.3GHz), but AMD’s own benchmarks in a suite of games show the Ryzen inching ahead in most scenarios where the CPU is the bottleneck. Those results will need to be verified in real-world use, but if they hold, it’s a big blow to Intel which only has new CPUs launching early in 2021.

One area where the Ryzen 5000 series won’t be competing with Intel is price. AMD isn’t aiming to be the best CPUs on the market and undercut the competition, with prices across the board matching those of Intel counterparts. The entire Ryzen 5000 range is $50 more for like-for-like upgrades, but just like before, AMD is promising backwards compatibility with motherboards via a firmware update. That means you can slot your new Zen 3 CPU into your system without having to replace anything else, making the price increase a little easier to