The move to the cloud — in many ways — is a return to the early days of computing. When I took my first computer class in 1978, we used an IBM 360 system time share. We rented out time on a remote system — sent our jobs over a modem to a computer at a university — and got back the results of the program run. Today, we’re using the cloud, which is just a fancy version of the old time-share systems.
Financial gain is one of the most common motivations behind cyber-attacks, making the financial sector an attractive target for cyber criminals. Recently, it was reported that companies in finance lost nearly $20 billion due to cyber-attacks and breaches. Furthermore, it was reported that financial companies get attacked 2500x more than a typical business for a total of over one billion attack attempts in a single year. These attacks don’t just target financial institutions.
In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent hacking variety and vector combinations, with “vulnerability exploitation” making the top three.
“Computers are bicycles for the mind,” said Steve Jobs once. Security Information and Event Management (SIEM) is biking uphill. Picture this: You cycle hard against the incline and ensure the bike holds up, all the while watching out for incoming traffic in blind turns. The worst part? The bike grinds to a halt when you stop pedaling. You simply can't coast on the steep hill of security operations.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Continued focus on locating issues in Docker reveal another flaw. This time with no patch (though I notice some Docker updates this week). Watch your backs folks.
Information security policy is a set of policies put forward by high ranking members of an organization to assure that all information technology users within the domain of that organization is its networks adhere to the same rules and guidelines related to the security of information that is transferred or stored at any point within the organization’s boundaries of authority.
In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.
Investigating a once trusted employee for potential misuse, theft, or other offenses regarding company resources can be a complicated process. While we all hope to hire ethically sound employees, various factors can contribute to ending up with a bad apple in the bunch. Labeled, insider threats, these employees pose a grave risk to organizations due to the insider knowledge and often authorized access they have to critical resources.
Have you noticed that people are just too busy to read important information you send to them? One of the problems with disseminating information, especially when it is about cybersecurity, is that there needs to be a balance between timing, priority, and cadence.
Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a habit of giving consumers connected devices that are controlled by unauthenticated HTTP requests via the local network.
