Since 2019, Snyk and Dynatrace have partnered with a shared mission of securing the entire software development lifecycle (SDLC) and accelerating digital transformation. As many agile organizations migrate their workloads to the cloud, it’s tempting for teams to let security take a back-seat until all the pieces of the infrastructure puzzle are in place.
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs SecOps staff must regularly implement to keep adversaries from infiltrating their organizations’
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. If you have been (luckily) hiding under a stone this week you might not be aware of a major global infosec disaster that has been on going unfolding since last weekend. As usual it is a key component included in so many other products that has a 0-day. You might want to check Twitter right away…
The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.
The pharmaceutical company Pfizer recently acknowledged that thousands of internal documents were leaked, including trade secrets related to its COVID-19 vaccine. In a California lawsuit, Pfizer stated that a former employee had exfiltrated sensitive data to their personal cloud accounts and devices while they were still working there.
The National Cyber Security Centre (NCSC) recently released its fifth annual review of the state of cybersecurity in the United Kingdom. The report is presented under five headings including an analysis of and response “The Threat,” advice for resilience, advances in threat detection and prevention technology, improving the cybersecurity ecosystem, and global leadership. The overarching message of the report is to provide safety for all online activities of all UK citizens.
Multiple team members within a life science company may need to periodically review and approve GxP documents for compliance purposes, including those on the clinical, regulatory, quality and product teams. And with so many parties involved, you need to establish a clear and uniform set of instructions to ensure the process is a success.
Some of the most damaging data leaks have resulted from poor database security. In March 2020, 10.88 billion records were stolen from adult video streaming website CAM4’s cloud storage servers. In March 2018, 1.1 billion people were the victim of a breach of the world’s largest biometric database, Aadhaar. And, in April 2021, 533 million users had their information compromised when a Facebook database was leaked on the dark web for free.
Cyberattacks in the field of geopolitics are playing an increasingly important role. 2020 was an intense year during which the pandemic was used for disinformation campaigns and there were serious incidents caused by groups linked to foreign powers.
