Many organizations are equipped to handle insider threat and external, common well-known challenges (like malware, for instance). These so-called “intentional” threats can be addressed through proactive security measures and best practices. But what about the unintentional risks that come with operating in a cloud-first environment? Unintentional mistakes, such as misconfiguring cloud infrastructure, can be equally devastating.

There are more than 250,000 merchants using the Magento open commerce platform around the world, resulting in millions of users accessing a Magento website every day. That was before the Covid-19 pandemic hit and drove a colossal surge in online activity and, unsurprisingly, consumers significantly exceeded spending predictions. In 2019 there were two days of digital sales that reached $2 billion, and in 2020 there were more than 130.

More than half of websites today support HTTP/2 for an improved user experience as web developers continue to move off HTTP 1.1. That’s for several good reasons. HTTP 1.1 can support six concurrent TLS tunnels with one session each to download web objects in popular web browsers, but HTTP/2 uses multiplexing to support thousands of sessions in one TLS tunnel and download web objects much faster.

Security and defense theory are inextricably entwined. Consider medieval castles. They were designed as a defensive mechanism that provided security to those within, most of whom were simply civilians hiding behind the walls for protection from invaders. Within cybersecurity, multiple concepts from defense and war theory can be applied to better address the cyber risks facing organizations. In fact, the term Bastion Host refers to a Bastion which has very militaristic connotations.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Silicon hacks this week…. The dives into the M1 chip by Ashai Linux discloses another issue apparently…

When running Splunk Phantom with AWS services, it can be tricky to make sure Splunk Phantom has the right access. When you’re managing multiple AWS accounts, the effort to configure Splunk Phantom’s access to every account can feel insurmountable. Fortunately, Amazon has the Security Token Service to solve this problem with temporary credentials, so we’ve integrated it with Splunk Phantom!

Prudential Standard CPS 234 Information Security (CPS 234) is an APRA prudential standard. Australian Prudential Regulation Authority’s (APRA) mission is to establish and enforce prudential standards designed to ensure that, under all reasonable circumstances, financial promises made by its regulated entities are met within a stable, efficient, and competitive financial services sector.