Did you know that the default “copy link” option in O365 personal accounts generates a public shared link with edit permissions? In this edition, we will cover how link sharing in O365 can lead to the accidental internal and public exposure of sensitive data.

Some organisations fully outsource their cyber security requirements to MSSPs, while others only outsource specific aspects. MSSPs differ from MSPs (Managed Service Providers) in that they specialise in cyber security. By contrast, MSPs are more focused on the remote management of IT infrastructure. Many MSPs do offer security services but, owing to the highly specialised nature of cyber security, some chose to partner with MSSPs.

The healthcare industry is transforming with the integration of ground-breaking technologies capable of storing patient records electronically. The shift to the digitization of systems makes a variety of healthcare solutions possible that never could have been imagined — but it also puts healthcare data at risk to hackers and cyber attacks. In answer to this problem, blockchain technologies are emerging as a viable option for the storage and updating of electronic health records (EHRs).

Developer security training is more critical than ever, but data shows us that the industry isn’t taking it quite as seriously as it should. A recent ESG survey report, Modern Application Development Security, highlights the glaring gaps in effective developer security training.

“Send it to the cloud” has been the increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it. Another infrastructure owned by a third party who has teams dedicated to implementing security by design, continuous testing and validation – this all sounds attractive.

Veracode recently sponsored Enterprise Strategy Group’s (ESG) survey of 378 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams.

One question I get asked frequently is “how can I get deeper insight and audit correlation searches running inside my environment?” The first step in understanding our correlation searches, is creating a baseline of what is expected and identify what is currently enabled and running today. Content Management inside Splunk Enterprise Security is a quick way to filter on what is enabled (and it’s built into the UI and works out of the box).

In 2020, security trends have mutated in a matter of months. Since February, the FBI has reported a 300% jump in reported cybercrimes related to the COVID-19 pandemic. The Federal Trade Commission (FTC) alone has registered over 18,257 COVID-19 security complaints that consequentially equates to nearly $13.44 million in losses.