Vendor risk management (VRM) is rapidly emerging with ever-evolving cyber security strategies. As we hit the pandemic and try to manage critical operations in a remote work setup, each day, business entities challenge with the new security, privacy, and business continuity risks associated with their vendors.

Android is the world’s most widely used operating system. And we’re huge fans of it here at Conseal. But building Android apps can present some unique security challenges to developers. These may be for example as a result of the way that Android operates, the hardware that runs it, or its Linux heritage. This blog post outlines some of the things that our code auditors and penetration testers look for when reviewing Android apps for security vulnerabilities.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Quite an interesting bunch this week. You know when you cover the pad with your hand to hide your pin at ATM? Well that might not be enough soon – given time I’m sure they will get better at guessing.

On Oct 21st, the Kubernetes Security Response Committee issued an alert that a new high severity vulnerability was discovered in Kubernetes with respect to the ingress-nginx - CVE-2021-25742. The issue was reported by Mitch Hulscher. Through this vulnerability, a user who can create or update ingress objects, can use the custom snippets feature to obtain all secrets in the cluster.

DevSecOps combines the responsibilities of development, security and operations in order to make everyone accountable for security in line with the ongoing activities conducted by development and operations teams. DevSecOps tools serve to assist the user in minimising risk as part of the development process and also support security teams by allowing them to observe the security implications of code in production.

Influencer marketing is set to be worth $13.8 billion by the end of 2021, rising from $9.7 billion since last year. With many people working from home during the pandemic, monetizing a social media following by creating sponsored posts for brands has become a popular side hustle. This can be seen by the rapid growth of emerging platforms, particularly TikTok which saw over 2 billion downloads in 2020 and a 45% increase in its use by influencers in 2021 to date.

But, as we explored in the first of this two-part series, there are limitations to using the out-of-the-box rules which form part of the technology. In this blog post, we explore how to customise rules, the rule development process and the role of Sigma.

I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.