Many security breaches take place when attackers gain access to Internet-facing applications by using compromised credentials. As an added layer of security against leaked credentials, organizations have been implementing multi-factor authentication (MFA) mechanisms to verify the identity of users connecting to critical online assets.

Senate Bill 1121, more commonly known as the California Consumer Privacy Act (CCPA) was passed on September 23, 2018, and becomes effective on January 1, 2020. Already being compared to the European Union’s General Data Protection Regulation (GDPR), the new law focuses on privacy rights and encompasses both consumer protection and data protection. Thus, organizations need to know how to secure and protect information to meet the CCPA’s regulatory requirements.

PCI DSS, or the Payment Card Industry Data Security Standard, is the set of regulatory requirements all organizations who process card payments must adhere to. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools.

There are many things within Information security that pundits have been claiming are dead, or should be killed by fire - passwords are usually found at the centre of such debates. But this isn’t a post about passwords, it’s a post about honesty, and trust. But let’s first take a look at the other side of the coin.

A lot could happen within 100 days. One could start a new company, travel around the world or train for a marathon. One hundred days is also around the average time that attackers spend frolicking around compromised networks before being detected. For countries in Europe, Middle East, and Africa the number goes up to 175, or almost half of a year. To make matters worse, the longer a breach remains undetected the more expensive it becomes.

The General Data Protection Regulation (GDPR) came into force in May 2018, and by the letter of the law, virtually every business in the UK needs to comply with it. However, there are still some misconceptions surrounding the law and what it means to organisations. This can lead to difficult situations where mistakes can be made.

Threat Intelligence Feeds, in fact, are an actionable threat data related to artifacts or indicators collected from any third-party vendors in order to learn from other company’s visibility and access to enhance your own cyber threat response and awareness. The example of these third-party vendors includes Kaspersky Threat Intelligence and Alient Vault OTX. Threat Intelligence Feeds concentrate on a single area of interest and they are delivered online.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.

Kubernetes isn’t (just) fun and games anymore. It’s being rolled out for production; it’s mission-critical; and all the security and compliance rules and regulations of the old world need to somehow be retrofitted onto Kubernetes. Unfortunately, the old tools for access control like RBAC simply aren’t up to the challenge.