Around 20% of the top 1,000 most popular Docker containers on the Docker Hub portal are impacted by a misconfiguration that can expose users' systems to attacks, under certain conditions.

The flaw is similar to the one that impacted the official Alpine Linux Docker container last week when Cisco Talos researchers found that Alpine Linux Docker images released in the past three years came with an active root account that used a blank password…

https://www.zdnet.com/article/root-account-misconfigurations-found-in-20-of-top-1000-docker-containers/

Microsoft patched today a critical Remote Code Execution (RCE) vulnerability found in the Remote Desktop Services (RDS) platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations…

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-remote-desktop-flaw-blocks-worm-malware/

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty keys still protect against phishing attacks. Still, the company is providing a free replacement key to all existing users…

https://techcrunch.com/2019/05/15/google-recalls-its-bluetooth-titan-security-keys-because-of-a-security-bug/amp/

Amazon’s Alexa Guard feature is now rolling out in the US, following an invite-only preview that lasted a few months. This free update lets your Echo speaker listen for signs of danger in your home while you’re away. Sounds like glass breaking (caused by a burglar or a moody cat) or a smoke alarm going off will trigger Alexa to send out Smart Alerts consisting of audio clips. If your Echo has a built-in camera, it will show a direct video feed into your home…

https://www.theverge.com/2019/5/14/18618098/alexa-guard-amazon-echo-speaker-security-feature

WhatsApp on Tuesday encouraged its users to upgrade the app after a security breach allowed sophisticated attackers to sneak spyware into phones, in the latest headache for parent company Facebook.
The vulnerability — first reported by the Financial Times, and fixed in the latest WhatsApp update — allowed hackers to insert malicious software on phones by calling the target using the app, which is used by 1.5 billion people around the world…

https://www.news.com.au/technology/online/hacking/whatsapp-urges-upgrade-after-serious-security-breach-allowed-hackers-to-put-spyware-on-phones/news-story/2b42521cfdb68fca9841a25875dfa7df

Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.

For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images…

https://threatpost.com/alpine-linux-docker-images-unlocked/144542/

Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year.

Corporate espionage is on the rise as a motivation for cyberattacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months…

https://threatpost.com/verizon-dbir-espionage-c-suite-cloud/144486/

For at least the past hour or two, Microsoft’s Azure cloud has been up and down globally due to a DNS configuration mishap.

The platform-wide outage has knackered all sorts of Redmond-hosted systems around the world, from Azure SQL databases and App Services to multi-factor authentication, Microsoft 365 and Teams, Dynamics, SharePoint Online and OneDrive…

https://www.theregister.co.uk/2019/05/02/microsoft_azure_outage_dns/