The healthcare industry is one where the mission is very straightforward – empower people to live with the highest quality of life possible for them. This means keeping lives safe and secure, all while armies of cyber criminals are working diligently to do the opposite.
Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the organization, I have found that many executives and security professionals feel like the interviewer in the Rickie Fowler commercial when it comes to their organization’s digital security. They don’t know where to start, for instance, nor are they aware of where and how today’s ever-evolving risks and threats affect the respective organization.
Inti was recently speaking at Detectify Hacker School, an event for customers where we have hacker talks and user cases presented to the audience. Afterwards our security researcher, Linus Särud, sat down with him for a hacker-to-hacker interview discussing how he got into bug bounty, his unconventional bug hunting ways and his take on why the European market is an ocean opportunity for bug bounty hunters.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.
If you are familiar with IT security, you must have heard CIA triad: a security model that covers different parts of IT security. Being one member of CIA triad, file integrity refers to the processes and implementations aiming to protect data from unauthorized changes such as cyber attacks. A file’s integrity tells if the file has been altered by unauthorized users after being created, while being stored or retrieved.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Passwords may not be the favourite piece of your workday, however, I have a theory – if I could share with you the value of a password, and the reality of how simple they can be to create; then passwords may not be the monster you avoid.
Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password from 2012? Surprisingly, quite a lot.
One day, a contractor working for an internet service provider decided to sabotage the company by disabling internet connectivity for all customers. Unfortunately, the employee's attack was successful, and the disruption lasted three weeks. This attack cost the company tens of thousands in remediation costs and left many customers struggling to navigate a world without the internet.
A comprehensive, six-month study released by Proofpoint, in March reports that (oh, to our surprise), attackers are “leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.” Yikes!! At SCALE! Threat actors design threats aiming at platforms or services which will provide the greatest ROI for them.
