Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Penetration Testing vs Vulnerability Scanning

Vulnerability scans and penetration tests are often used interchangeably. Unfortunately, it is the improper use that creates confusion, sometimes around security decisions too. This article shall help the reader with these terms: penetration testing vs vulnerability scanning, their project inputs, outputs, security health indicators and decision-making factors.

Snyk and Rapid7 strengthen partnership to provide a holistic risk assessment solution for container applications

Modern organizations are working hard to differentiate their products and services by creating innovative solutions that their customers can leverage at home and on-the-go, forcing them to consider new, more agile approaches to application development that empower their development teams to accelerate time-to-market, and launch new solutions as quickly as possible.

Weekly Cyber Security News 29/01/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. A few interesting ones to mention this week. One that I experienced personally a few years ago when I set up an Asterisk box at home. Suddenly started receiving random external SIP connections without exposing the ports to the firewall. Found out it was that ALG feature in the router, and one I couldn’t switch off.

Multiple vulnerabilities discovered in Pyrescom Termod4 smart device

The Internet of Things, cyber-physical systems, smart offices, smart homes. We are getting accustomed to these ‘smart’ concepts; lights turn off automatically when you leave home. Your car drives you, instead of the other way around, and you quickly scan your access badge to check in at work. All the little conveniences that make our lives easier, our work more enjoyable and ever so slightly improve our lives… Until they bite you in the behind.

Price scraping: How does it work and who is at risk?

Scraper bots are commonly used to acquire prices and content from websites for competitive advantage. Aggressive scraper bot activity slows down websites for customers, resulting in a bad user experience that costs the retailer revenue as frustrated customers are driven to competitors, while exposing vital pricing data.

How to Use Workplace Investigation Software

Human Resources departments are typically tasked with conducting workplace investigations into allegations of misconduct or criminal activity. Every complaint or allegation has the potential to turn into a lawsuit or criminal case, which is why it’s so important to conduct thorough investigations to find out exactly what happened. Having the right tools can make it far easier for Human Resources departments to uncover the truth.

Hacking Pandemic Workplace Isolation to Enhance Collaboration

Since the onset of the pandemic, many workplaces were suddenly merged into home spaces. In my case, my bedroom became my office. In this new mode of working, what I missed the most is the office chatter and the water cooler conversations which often lead to some brilliant ideas for a new project or design solutions to a technical problem.

Lessons Learned from the SolarWinds Hack

Supply chain attacks are one of the trickier challenges for organizations to defend against since they undermine our trust in otherwise trusted systems that we depend on for running our software and protecting our data. If an adversary is able to successfully compromise a key component of a popular supply chain product, the impact can be widely felt by many organizations.

Serverless computing: Is it worth the risk?

A new trend for developers is emerging, as many companies shift towards using serverless computing. The name is a bit misleading, as serverless computing still relies on servers for storing data, but those who use serverless computing leave the maintenance of the server to their provider. They pay only for the storage needed to execute the code they develop.