Every day, organizations around the world use due diligence questionnaires (DDQs) to evaluate potential business partnerships and gain a better understanding of the way various third-party vendors conduct day-to-day operations. These questionnaires help organizations investigate potential business ventures or partnerships to confirm they are making a good investment before entering into an agreement with a third-party.
Defense contractors across the U.S. are moving to update their cybersecurity programs to meet or exceed Cybersecurity Maturity Model Certification (CMMC) requirements launched in 2020 by the Department of Defense (DoD) to provide greater protection of Controlled Unclassified Information (CUI). The effort required for CMMC Level 3 Certification will be significant for many of the small to midsized firms who have limited information technology and cybersecurity personnel and resources.
To thrive in today’s cybersecurity landscape, learning the art of defence is essential, and layering this approach with Att&ck framework techniques has become a necessity. It means your organization needs to have a cybersecurity team to ensure that every aspect of your infrastructure is secured through processes, technical controls, and people.
On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.
SHORT SUMMARY: STOCKHOLM, SWEDEN – In February 2021, Detectify co-founder and Crowdsource hacker Frans Rosén was looking for security bugs in Apple services. Noticing that many of Apple’s own apps store their data in public databases on Apple’s data storage framework CloudKit, Frans was curious to know if any specific apps’ data could be modified with access to the public CloudKit containers in which their data was stored. Long story short, they could.
The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Leen Neuman, a Front End Engineer at Torq, based in our Tel Aviv office.
