The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.
Rapid digitalization and increasing remote business operations place a significant burden on developers, who are continuously pressured to push out software faster. As a result, CI/CD security risks being overlooked, although it is an essential part of modern software development practice. While it accelerates product releases, CI/CD is vulnerable to cybersecurity issues such as corrupted code, security misconfiguration, and mismanagement of secrets.
CrowdStrike Falcon OverWatch™ threat hunters frequently uncover security testing activity in the course of routine hunting. While much of this activity can be confidently attributed to planned and sanctioned testing, OverWatch is always careful not to discount a threat on the basis that it looks like a test. Some of the more stealthy adversaries will attempt to evade detection by mimicking or using tools and techniques commonly used by security testers.
As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbying high-profile attacks in the last few years that have threatened safety and uptime in the process.
On October 25th, The OpenSSL team announced that OpenSSL 3.0.7 will contain a fix for a critical severity vulnerability that affects OpenSSL 3.x. The full details about the vulnerability were held in an embargo until November 1st. Due to the rarity of an OpenSSL critical-severity issue and the overwhelming popularity of OpenSSL, social media was flooded with messages about this issue, expecting a “Log4Shell”-level event.
Telework has become a mainstay, and with it, so has employee reliance on personal mobile devices. These devices are difficult to monitor and keep up to date, presenting a unique security challenge for U.S. local, state, and federal government organizations.
Controlling information leakage is one of the top digital ID advantages for people’s privacy. It is also known as “selective disclosure,” and it is something that all digital ID adapters regard to be critical for user privacy. However, a closer examination reveals that such a system might result in a digital trail of where and when a license is displayed, possibly allowing governments or corporations to follow people or their transactions.
Comodo is a cybersecurity solutions provider helping businesses and individuals stay protected from all sorts of cyber threats. It provides verdict processing, digital certificates, endpoint protection, helps organizations implement and monitor their network security policies, and much more. Among its digital certificates, Comodo also provides code signing certificates to developers and development companies.
