The power of two CVEs
Most people take it as a given that the gas station down the street will be open and have plenty of gas available, even if the price is higher than they’d like. That assumption was shattered in early May because of two unpatched vulnerabilities in Colonial Pipeline’s network. The attack that crippled the gas supply for the entire east coast didn’t require explosions or forces of nature. In fact, the root of the problem came down to three far more benign factors – phishing, lack of backups, and known vulnerabilities or CVEs.
Many businesses are running remotely as a result of the COVID-19 pandemic. The 'new normal' has expanded the market for digital transformation initiatives and cloud migration strategies. However, according to Verizon's 2020 Data Breach Investigations Report, cybercriminals are taking advantage of enterprises' desperate digital transformation initiatives by developing new ways to target and exploit their web applications. As remote working takes over in the face of the global pandemic, end-to-end protection from the cloud to the employee laptop becomes paramount.
We sat down with our customer Jaspal Jandu, Deputy Group CISO at ITV, who offers a practical view of today’s cybersecurity challenges, including digital transformation, vulnerability management, risk prioritization and building a security culture from within.
5G introduces security concerns, but threat modeling can help you make better-informed decisions about your application security risks. 5G is fundamentally different from 4G, LTE, or any other network the telecommunications industry has ever seen before. It promises data rates 100 times faster than 4G, network latency of under 1 millisecond, support for 1 million devices/sq. km., and 99.999% availability of the network. The rollout of 5G will reach one-third of the global population by 2025, and the U.S., South Korea, and China are already at the forefront of 5G deployment.
In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code. Through our research we’ve been exposed to various use cases that either significantly reduced or completely eliminated the attack vector. Although these are not the official remediation advice from Google Play, they’re worth examining to gain further insight. And to be extra safe, we’ll also look at some remediation recommendations from Google Play.
In today’s world, data breaches are a fact of life for both consumers and companies. It’s become somewhat of a truism to point out that for many companies breaches are a matter of when, not if, as defenders are at a significant disadvantage. The reason this is the case is that over the past 15+ years, we’ve seen the growth of a concerning trend that’s become almost banal today – the rise of what has been dubbed “mega-breaches.” This term is used to refer to breaches impacting 1 million or more records, which was once upon a time a startling hallmark.
Recently I attended another great Evanta CIO event, and in the course of a day packed with excellent talks and knowledge-sharing opportunities, I had the opportunity to sit down and discuss the topic of network and security transformation with Stuart Hughes, the CIDO at Rolls Royce. Stuart shared his experiences over the past 18 months, discussing how the pandemic—among other things—had changed his strategic approach to security. The following are three key observations and quotes I took from the discussion, along with my thoughts.
“This year has often required us to focus on practicality rather than perfection”
The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. It was updated in December 2018 to revision 2. This was the result of a Joint Task Force Transformation Initiative Interagency Working Group; it’s something that every agency of the U.S. government must now abide by and integrate into their processes. It was most recently integrated into DoD instructions, and many organizations are now creating new guidance for compliance to the RMF.
Whilst no one saw COVID-19 in the tea leaves, remote access has been essential for productivity over the last year. Businesses are shifting to hybrid work environments, and demands for technology to facilitate this are higher than ever. However, the surge in adoption of cloud services for survival was merely an acceleration and, amid the pandemic, organizations deployed SaaS solutions rapidly rather than as a longer, strategic rollout. These hasty deployments created issues with balancing user experience and security, leaving both areas overlooked. In turn, this has been a big driver of Shadow IT projects, as employees will use their own technology for projects ‘just to get the job done’.
The events of 2020 didn’t prevent small- to mid-sized businesses (SMBs) from adopting the cloud. Impact Networking reported that SMBs’ overall cloud spending grew 6.3% between 2019 and 2020. Such growth is projected to lead more than a third (35%) of SMBs to annually spend between $600,000 and $1.2 million on public cloud services by the end of 2021, noted Statista.
The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security that we depend on; and the electricity that lights our world — essentially, all we consider vital for our routine lives relies on the critical infrastructure that supports these sectors.
Data loss refers to the unwanted removal of sensitive information, either due to an information system error or theft by cybercriminals. Data leaks are unauthorized exposures of sensitive information through vulnerabilities on the digital landscape. Data leaks are more complex to detect and remediate; they usually occur at the interface of critical systems, both internally and throughout the vendor network. In cybersecurity, the terms data leak, data breach, and data loss are often incorrectly used interchangeably. Though their definitions slightly overlap, these terms refer to very different events.
Many organizations are equipped to handle insider threat and external, common well-known challenges (like malware, for instance). These so-called “intentional” threats can be addressed through proactive security measures and best practices. But what about the unintentional risks that come with operating in a cloud-first environment? Unintentional mistakes, such as misconfiguring cloud infrastructure, can be equally devastating. Take, for instance, the November 2020 incident in which at least 10 million files with data from the travel industry were exposed after being stored in a misconfigured AWS S3 bucket.
On Friday, 7th May, the organisation confirmed that a ransomware attack had forced it to shut down all its IT infrastructure – an infection attributed to the DarkSide cybercrime gang. However, just one week later, amid reports that a ransom of around $5 million had been paid out, DarkSide announced that it had stopped operating entirely. In this blog post, we examine these events and debate whether they have led to the demise of the cybercrime group – one that has risen rapidly up the watch lists of security teams over the last 12 months.
Cyberattacks are becoming more common and their impact is quite severe. Security breaches are no longer limited to a few large tech companies. Cybercriminals have rapidly altered tactics and started targeting several Small and Medium Enterprises (SMEs) as well. Today, companies, big or small, are targets of ransomware, viruses, malware, bots etc. Hence, it is important to understand some of the common cybersecurity keywords or jargon. Knowing what they mean could help companies become quickly aware of their digital security needs and set up defences accordingly.
Security and defense theory are inextricably entwined. Consider medieval castles. They were designed as a defensive mechanism that provided security to those within, most of whom were simply civilians hiding behind the walls for protection from invaders. Within cybersecurity, multiple concepts from defense and war theory can be applied to better address the cyber risks facing organizations. In fact, the term Bastion Host derives from the word “bastion”, which has very militaristic connotations. In previous posts, the concepts of security cycle theory, attacker motivations, and threat adaptation have been explored. Another critical concept is that of asymmetric threats.
Collaboration Rules is a company core value and at the heart of Detectify. It drives innovation and productivity in our organization, and activates our ability to build products to drive the future of internet security. Two of the methods we use for collaborating are Mob Programming in Engineering and Sourcing Jams in the Talent Acquisition team. At Detectify, collaboration is the way forward, so let’s dive into these use cases and our learnings. We hope they can inspire your teams to try a new approach to collaborating in the future!
When it comes to GDPR compliance, contracts are some of the most powerful tools you have to show to regulators. They allow you to receive legal guarantees from your service providers and third parties that protect you from liability in the event of a breach in compliance. You aren’t off the hook for everything, but at the very least you won’t be liable for negligence.
If your development team isn’t yet using shift-left testing, you could be wasting time, money, and energy. Teams that practice shift-left testing are able to identify potential roadblocks early in the process, change scope when needed, and improve design to avoid buggy code. When a bug does occur, it can be identified and dealt with quickly so as not to impact the project later on. Shift-left testing proposes to help agile teams become more agile. Here’s what shift-left testing is, how it works, and how to think about shift-left security.
There are more than 250,000 merchants using the Magento open commerce platform around the world, resulting in millions of users accessing a Magento website every day. That was before the Covid-19 pandemic hit and drove a colossal surge in online activity and, unsurprisingly, consumers significantly exceeded spending predictions. In 2019 there were two days of digital sales that reached $2 billion, and in 2020 there were more than 130.
As applications become more complex, and attack vectors grow more sophisticated, the critical importance of comprehensive software security testing emerges. These days, application testing has become synonymous with risk mitigation, as organizations continue to embrace security at all stages of the software development life cycle (SDLC). This effort includes automation, which helps to reduce the labor of testing and ensures applications are secured without impacting velocity.
In a crowded market with so many new products being released, it can often be hard to make sure you're getting the right tool for your organization's security needs. Purchasing an Insider Threat Detection tool for your organization requires extensive research, which can be very time-consuming.
In today’s modern era, where everything is being digitised, cloud technology is playing a huge role in our everyday tech life. People want to use fewer physical resources and want easier management and troubleshooting of their digital assets, hence the increasing usage of cloud technology.
Last year was an especially stressful time for healthcare systems. Not only were emergency rooms overwhelmed by patients, but a number of them were also hit by system-crippling cyberattacks. According to Comparitech, in 2020 alone, 92 ransomware attacks affected over 600 healthcare organizations, exposing more than 18 million patient records. These attacks brought operations to a standstill for days or weeks at a time, costing the healthcare industry an estimated $20.8 billion.
We all dream of creating the next big thing: getting that investment that will help us over the finish line, landing a partnership with one of the big players, or getting acquired by a global enterprise. But as we race to keep ahead of the market and surprise our customers with bigger and better offerings than they ever imagined, we have to pass that dreaded series of hurdles: technical due diligence.
A Squid proxy server has two major functions. First, it is an intermediary proxy. Second, it provides cache services for popular network protocols including HTTP and FTP. The combination of proxying and caching makes for a better internet user experience: proxies provide added layers of security, and cache services make page loading faster. Obviously, getting both services from a single provider is highly efficient.
The COVID-19 pandemic has fundamentally shifted the cyber threat landscape for Australia’s health sector, with the Australian Cyber Security Centre (ACSC) reporting an 84% increase in the number of cyber security incident reports relating to the health sector between 2019 and 2020. As custodians of vast volumes of highly sensitive information, the industry continues to find itself at the mercy of cyberattacks that paralyze systems until a ransom is paid—threatening the security of patient data and jeopardizing the delivery of care.
The Department of Health and Human Services (HHS) defines a transaction as an electronic exchange of information between two parties, to carry out financial or administrative activities related to healthcare. For example, a health care provider will send a claim to a health plan to request payment for medical services. Under the Health Insurance Portability and Accountability Act (HIPAA), the department adopted specific “standard transactions” for the electronic exchange of data in the healthcare industry, to facilitate those transactions among various healthcare parties.
Every time you log on to the Internet, you put your IT systems and the data you handle at risk. At the same time, it’s also impossible to run a successful business without going online, so a key element of modern business management is a strong cybersecurity risk management program. Why? Because the only people in the cybersecurity field working harder than software engineers are the criminals trying to find a new way to breach the latest network security measures. Always remember that strong cybersecurity risk management is a flexible, evolving program that changes in response to newly emerging security threats.
Atlassian made a big splash in cloud SaaS news when they announced that the company would stop selling new on-prem server licenses as of February 1, 2021. Upgrades of existing server licenses will continue to be available through the third quarter of 2022. Impacted services include Jira Software Server, Jira Core Server, Jira Service Desk Server, Confluence Server, Bitbucket Server, Crowd Server, Bamboo Server, Atlassian-built apps, and Atlassian Marketplace server apps. These moves come ahead of Atlassian’s 2024 end of life for on-prem server support.
Consumers are notoriously impatient when it comes to poor digital experiences. According to the ForgeRock: The New Normal survey, 35% of consumers will cancel or delete your app if they have trouble logging into your service. And 32% will switch to your competitor. Ouch!