Weekly Cyber Security News 06/05/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. If you happen to have some switches by Aruba and Avaya that are accessible on the Internet, you might want to patch them, like now. There happens to be a trivial exploit allowing takeover…

One Year Later: What We Have Learned from the Colonial Pipeline Attack

As we approach the one-year anniversary of the Colonial Pipeline ransomware attack, it is an excellent time to reflect upon what took place and how that incident can serve as a teaching point for any organization interested in preventing a ransomware attack. First, here is a quick refresher on what transpired.

World Password Day - The password's time has passed

Some 90% of security breaches can be avoided by using multi-factor authentication (MFA). Yet most enterprises still rely only on usernames and passwords - and avoid other strong second-factor authentication methods - to make user sign-on both safe and convenient. Our addiction to passwords seems to be a long-standing issue. In order to stay secure, users have to make passwords complicated, only to spend time remembering and then forgetting them, which has resulted in more IT support.

How to improve your Watchtower score in 1Password

The idea behind World Password Day is simple: to promote the use of strong, unique passwords to keep your accounts protected and your browsing safe. For those of you wondering how best to celebrate the day, we’ve got a challenge for you: how high can you get your 1Password Watchtower score? While a high Watchtower score won’t give you access to better loan rates, it will give you peace of mind. Not to mention some bragging rights, too.

Cybersecurity and resilience: board-level issues

Resilience means more than bouncing back from a fall at a moment of significantly increased threats. When addressing resilience, it’s vital to focus on long-term goals instead of short-term benefits. Resilience in the cybersecurity context should resist, absorb, recover, and adapt to business disruptions.

How to Secure Amazon RDS Access With an Identity-Aware Access Proxy

Databases are sensitive resources that need an additional layer of protection and security. Though database servers have built-in authentication and authorization mechanisms, they are not designed for cloud-based, multi-tenant access mechanisms. Managed databases such as Amazon RDS are accessed and administered by different personas with varying levels of access permissions.

$43 billion stolen through Business Email Compromise since 2016, reports FBI

Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI. The FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement on May 4, 2022, sharing updated statistics on Business Email Compromise (BEC) attacks, which use a variety of social engineering and phishing techniques to break into accounts and trick companies into transferring large amounts of money into the hands of criminals.

Calligo partners with BigID to accelerate Data Privacy, Security and Governance for our clients

Today, Calligo announced that we have partnered with BigID. The BigID data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, and governance. This partnership will enable Calligo to provide clients with the ability to proactively discover, manage, protect, and gain more value from their regulated, sensitive, and personal data across their data landscape.

SurveyMonkey talks with Snyk about developer security during hypergrowth

Many companies look to CISOs or compliance teams to manage security throughout software development. But this practice usually keeps security considerations separate from developers. CISOs can assign security tasks to developers, but if developers aren’t thinking about security regularly, those tasks may be overlooked.

From Behavior Analytics to Security Education: 4 Ways Organizations Should Mitigate Modern Insider Attacks

While the stakes for private sector organizations differ drastically from governments that have to protect state secrets like hacking tools or nuclear technologies, businesses do have their own needs for Data Loss Prevention measures. Organizations can face the threat of data like their intellectual property (IP), source code, customer details, Personally Identifiable Information (PII), financial info, and many other types of information being stolen or corrupted.