Eray Mitrani works for Nokia Deepfield where they are providing network analytics and DDoS-protections. He is a security researcher in the Detectify Crowdsource community. In the following guest blog, he goes through the process of finding and submitting his first module to Detectify Crowdsource, which is an authorization bypass.
Trends in computing shift back and forth like the ebb and flow of a tide. Before personal computers became household appliances, centralized computing from a client-server approach was the norm. However, widespread distribution of desktop machines lead to a change in office productivity; decentralization. People began saving their files on the same, inexpensive devices they worked from, while simultaneously using these machines to run an array of applications.
In 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) originally formed to enable the National Commission on Fraudulent Financial Reporting. COSO’s original goal, to review causal factors leading to fraudulent financial reporting, ultimately evolved as more technologies became embedded in the process.
In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As a result, the methods employed are growing in sophistication and creativity, including using internet memes to compromise systems.
Recent findings report that on average, 96 percent of systems across all industry segments have been breached. While you should absolutely update your information security system and protocols to provide the best protection you can for your data, you should also know how to spot a data breach. Unfortunately the odds of escaping one aren’t in your favor, but you can increase your chances of spotting a breach quickly and containing any damage.
In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn’t include the cost of the security upgrades required to bring its IT system up to date.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. While a quiet week in regards to note worthy news, there has been some interesting, and quite starling ones nevertheless. The first, and quite a nasty shock I imagine.
67% of small and micro businesses have experienced a cyber attack, while 58% have experienced a data breach within the last 12 months, according to a study conducted by the Ponemon Institute. Cybersecurity has become one of the major questions that plague the 21st century, with numerous businesses reporting significant losses resulting from loss of private customer data, denial of service (DoS) attacks.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
