We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.
There is a common thread between academy-award winner, Leonardo Dicaprio and the indispensability of know-your-customer (KYC). For most of you Dicaprio fans out there, you would have guessed it by now, that connection is the blockbuster ‘Catch me if you can(2002)’[1]. Dicaprio portrays a master con artist, who some consider as the best of all-time, Frank Abegnale.
Businesses of all sizes are moving to the cloud to take advantage of the greater data availability, significant cost savings and data redundancy that cloud computing provides compared to a traditional data center-based physical infrastructure. Moving to the cloud can also reduce shadow IT and get data stores out from storage closets and underneath desks so they can be governed and protected in compliance with regulations and best practices.
In IT security debates, projects aimed at managing access and identifying users are considered fundamental. However, the processes and technologies for controlling permissions have proved challenging. To solve this dilemma, what is now called Identity Access Management (IAM) was created, which involves the definition and execution of identification processes related to the most critical businesses for a company.
Permissions, access controls, user rights, or privileges define what an identity can see or do in an organization. These terms are often used interchangeably based on context, and essentially perform the same function—granting or denying access to the resources in an enterprise.
This blog was written by an independent guest blogger. Image Source In Part 1 of this series, we covered the first step to better cybersecurity in touchless business solutions, which is to practice extra caution in cashless payment solutions. We continue by discussing the second step to improve cybersecurity for touchless systems, which is to increase protocols for cybersecurity and data privacy.
Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network environment. To proactively address vulnerabilities before they are utilized for a cyberattack, organizations serious about the security of their environment perform vulnerability management to provide the highest levels of security posture possible.
It’s soon time for Summer vacation to begin, and we’ve asked our colleagues to share some of their summer learning tips for better security awareness.
How much do you really know about your open source usage? Can you identify what open source components you’re using? How about which licenses are in play and whether you’re compliant? Do you have a good sense of how many open source security vulnerabilities are in your code base and how to remediate them? Chances are, if you’re like most organizations, you can’t answer all of these questions.
Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data’s safe return. As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were let unprotected on the public internet without a password. Unsecured MongoDB databases being attacked by hackers is nothing new, of course.
