2018 is rapidly drawing to a close. The winter chill is setting in and a festive spirit permeates the air. 2019 is hurtling towards us carrying the promise of new challenges and opportunities. However, there’s still a couple of weeks to get a few more massive data breaches in.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. As many of us ramp up to some kind of party frenzy over coming weeks, this timely article on how the youngsters and trendy ones are perhaps organising parties in a bad way could be worth absorbing. While it goes over my head (as according to my kids I’m a ‘miserable caveman’), hopefully it might help those of you more popular to get it right.
An organization can have innumerable VPN access attempts from within or outside its facility. In the world of globalization and cloud computing, even these attempts can be made from outside the country. Checking each attempt manually is a daunting task for enterprises as it consumes a lot of time and engages more security professionals. The basic VPN checks involve DNS Leaks, IP Address Leaks (e.g., IPv4 and IPv6), and WebRTC Leaks.
It’s December, which means it’s time to get those 2019 cyber predictions going. While there are many well-informed, and some not-so-well informed opinions out there, I’ve dug through the cyber underground, I’ve climbed data mountains, and delved to the depths of the dark web to seek out what is really happening.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another security professional, and over 50 professionals from the industry were present in the audience.
Maintaining security and compliance with HIPAA, the Health Insurance Portability and Accountability Act, is growing ever more challenging. The networks that house protected health information (PHI or ePHI) are becoming larger and more complex — especially as organizations move data to the cloud. At the same time, security professionals are faced with an evolving threat landscape of increasingly sophisticated threat actors and methods of attack.
If you’re unfamiliar with mobile forms they are digital forms that can be filled out on tablets and phones. These mobile forms, which can look identical to your existing paper construction documents, help teams work safer and more efficiently.
I got curious about what kind of people are most desired in a Security Operations Center (SOC). I wondered how accepting InfoSec blue teamers would be to having a team member with a great attitude and system administration or network management skills, versus someone with deep InfoSec knowledge and skills. So I did a poll on Twitter to learn more.
Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide-reaching and effective. Combating spam and detecting malware are prime examples.
