Misconfigurations are often seen as an easy target, as it can be easy to detect on misconfigured web servers, cloud and applications and then becomes exploitable, causing significant harm and leading to catastrophic data leakage issues for enterprises like the 2019 Teletext exposure of 530,000 data files which was caused by an insecurely configured Amazon Web Service (AWS) web server.
At Elastic, we believe in the power of open source and understand the importance of community. By putting the community first, we ensure that we create the best possible product for our users. With Elastic Security, two of our core objectives are to stop threats at scale and arm every analyst. Today, we’re opening up a new GitHub repository, elastic/detection-rules, to work alongside the security community, stopping threats at a greater scale.
Bearer is shedding its winter coat. As we stayed safe at home during the COVID-19 crisis, it gave us the opportunity to think about our vision for the API Monitoring industry. Today, we are releasing a brand-new dashboard, a rebuilt navigation, and improvements to many of our existing features. But one change is quite big, as it is changing one of the core features of our product. We have completely rebuilt the way API call logs are managed in Bearer.
Very few things available online are truly free of cost. If you don’t pay with cash, chances are you are paying with your personal information or other data. The Chrome web store is filled with free extensions that users install on their browsers to enhance their online experience. However, more and more of these extensions are being discovered and removed from the store due to their malicious intent.
WiFi signals can be put into two different categories, unencrypted and encrypted. Unencrypted WiFi, sometimes known as open WiFi, can be connected to without a password. Anyone with a phone, tablet, PC, video game system, or Internet of Things device within range of the open WiFi signal can use it as long as there aren’t more devices connected to the wireless access point than it can handle. But the data being sent to and from your device through the open WiFi signal is unencrypted.
Numerous data leaks appeared on the dark web in the second quarter of 2020. At the end of May, for instance, Cyble found a government database containing the personal information of more than 20 million Taiwanese citizens for sale on an underground web marketplace. That was less than two weeks before The Economic Times reported on a dark web data leak involving BEML, an Indian public sector undertaking.
The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.
The European GDPR (General Data Protection Regulation) is one of the most influential consumer privacy laws that has affected 500,000 companies throughout the world. This law has played a crucial role in formulating another substantial privacy law known as the California Consumer Privacy Act that came into effect on January 1, 2020.
GDPR recently breezed past its second birthday and, like many two-year-olds, continues to cause concern and confusion for those who have to deal with it. Unlike real two-year-olds, however, GDPR is quite clear in what it demands and there could be big consequences if they are not met. For businesses, failure to meet GDPR’s requirements represents an increased risk of data breaches and the reputational damage and legal repercussions that breaches inevitably lead to.
