In the original Star Trek episode “The Trouble with Tribbles,” an unscrupulous merchant, Cyrano Jones, gives a small furry animal called a Tribble to communications officer Uhura. Uhura takes the Tribble aboard the Starship Enterprise where the animal begins to quickly reproduce, thereby threatening to overrun the ship and cause significant damage.

With more colleges and universities incorporating Software-as-a-Service (SaaS) platforms to enable registrars, admissions, and financial aid offices, they are collecting more electronic student information. Couple that with weak networks and systems, and the state of cybersecurity in higher education earns an F. To remain solvent in an era of continued student recidivism, higher education needs to focus more efforts on protecting this information from cybercriminals.

In a previous blog, I discussed securing AWS management configurations by combating six common threats with a focus on using both the Center for Internet Security (CIS) Amazon Web Services Foundations benchmark policy along with general security best practices.

Having covered the start-up vs corporate question before, we thought we would look into which industry is currently most at risk of cyber attack. According to the Wikipedia entry ‘list of data breaches’, which contains a list of data breaches (spoilers), out of 255 data breaches over the last 15 years, historically, the hardest hit industry was ‘web’.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. My heart goes out to a victim of a hack this week, an email provider who lost the lot. OK, how the guys got in leads to some questions, however the total, wilful destruction is heart breaking.

One of the great things about Kubernetes is that it completely separates authentication and authorization. Authentication (Authn) meaning the act of identifying who the user is and authorization (Authz) meaning the act of working out if they’re allowed to perform some action. This can be thought of in terms of a Passport and a Visa.

With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington D.C. during the 2018 U.S. midterm elections.

Insurance companies know how to insure their clients’ homes, cars, and businesses, but they may find it difficult to ensure that the information they collect remains secure. While the insurance industry focuses on risk-based analyses for premiums, it needs to focus internally and use those same risk management processes for securing customer information.

With the evolution of technology comes new approaches to solving problems. Sometimes a new approach fixes the problem; sometimes it creates new ones. The good thing is as folks who work in fast-paced, high-tech environment, we information security professionals are great at quickly analyzing the new technologies and applying them to our daily lives. …Or so we thought!