Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The Greatest of Rewards - Working with Integrity

There are many rewards to being a world class cybersecurity solutions provider at a time when demand for effective solutions is exponentially greater than the existing supply – and getting greater by the minute. But, perhaps the greatest reward is to be asked to model best practices and product capabilities for the greater good of business and missions in a world class lab. Better yet, to collaborate with the most widely recognized standards body in the world to establish such a model.

RSA 2019 - A Case of the Blues

RSA is arguably the biggest business-focussed cyber security event of the year. As over 40,000 security professionals completely take over the Moscone Centre in San Francisco. Of course, one of the biggest changes this year was a case of the blues - as AlienVault made its transition into AT&T Cybersecurity. There were smiles all around, and the now blue blinky sunglasses remained a favourite across our two booths.

The cyber threats caused by non-existent people

Computers are making humans now. Sort of. In a recent discussion at Bulletproof, someone casually mentioned ‘thispersondoesnotexist.com’. It’s a fairly harmless experiment in which AI randomly generates an image of a person who does not exist, thus solving the mystery of the name. This has since prevented me from sleeping at night, not least because I have turned up on it more than once.

What are the different types of XSS?

Cross-site scripting (XSS) is a common vulnerability that is carried out when an attacker injects malicious JavaScript into a website, which then targets the website’s visitors. By doing so, the attacker may gain access to users’ cookies, sensitive user information, as well as view and/or manipulate the content that is shown to the user. This is not another article explaining what XSS is, why it is a security issue and how to fix it because we have already covered that.

Weekly Cyber Security News 15/03/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Biometrics again. Here’s the thing, you get the consumer all fired up and (as the article says) actually put in some good kit saying this is reliable, and then further down the line substitute it for something that is not so great; will the consumer be aware of the down grade? Most likely not. As with all authentications, biometrics included, don’t rely on just one key…

Making it Rain - Cryptocurrency Mining Attacks in the Cloud

Organizations of all sizes have made considerable shifts to using cloud-based infrastructure for their day-to-day business operations. However, cloud security hasn't always kept up with cloud adoption, and that leaves security gaps that hackers are more than happy to take advantage of.

The Safe (and Unsafe) Ways to Use Public Links for Collaboration

Earlier this week security firm Adversis published an article that exposed a vulnerability with a consumer-grade file sharing provider, which was created by the use of public links. For those who may not be familiar, many content collaboration solutions allow users to create links to one or more files or folders that can easily be shared internally or externally via text, email, social media, etc. (more info on links).

Higher Education Security Breaches To Learn From

Higher education finds itself facing a threat to its financial security even larger than student retention – data breaches. As colleges and universities begin to adopt mobile technologies, they also find themselves increasingly targeted by malicious actors. Understanding the recent security breaches impacting the industry can educate institutions about information security.

Help stop data leaks with the Forseti External Project Access Scanner

Editor’s note: This is the second post in a series about Forseti Security, an open-source security toolkit for Google Cloud Platform (GCP) environments . In our last post, ClearDATA told us about a serverless alternative to the usual way of deploying Forseti in a dedicated VM. In this post, we learn about Forseti’s new External Project Access Scanner. With data breaches or leaks a common headline, cloud data security is a constant concern for organizations today.

The Power of Vulnerability Management: Are You Maximizing Its Value?

Tripwire has been in the business of providing vulnerability management solutions with IP360 for about 20 years. With over 20,000 vulnerabilities discovered last year alone, vulnerability management continues to be an important part of most security plans. And most organizations agree.