A selection of this week’s more interesting vulnerability disclosures and cyber security news. There’s leaving a few API keys in a GitHub repo, and there’s leaving everything on Pastebin. The question then is who did it? Staff, hacker or 3rd party? Perhaps we will never know. Do we however have a moral of the story here? Maybe just don’t write everything down in the clear (and give it to someone)…
Spear phishing is an email spoofing attack targeting a specific organization or individual. Spear phishing emails aim to infect the victim with malware or trick them into revealing sensitive data and sensitive information. Spear phishers look for target who could result in financial gain or exposure of trade secrets for corporate espionage, personally identifiable information (PII) for identity theft and protected health information (PHI) for insurance fraud.
I really enjoy Shira Rubinoff's videos, and captured one of them in case you prefer reading to watching videos. Please find snippets of this commentary in the AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.
Google Cloud Run is a serverless compute platform that automatically scales your stateless containers. In this post we are going to showcase how to secure the entire lifecycle of your Cloud Run services. Sysdig provides a secure DevOps workflow for Cloud Run Platforms that embeds security, maximizes availability and validates compliance across the serverless lifecycle. Sysdig Secure Devops Platform is open by design, with the scale, performance and usability enterprises demand.
One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel became harder between 2017 and 2019.
Yet another company has been found lacking when it comes to securing its consumers’ data. Utah-based InfoTrax Systems provides back-end services to multi-level marketing companies (MLMs) such as dōTERRA, ZanGo, and LifeVantage, providing website portals where individuals can register as a distributor, sign-up new distributors, and place orders for themselves and end consumers.
Vendor risk management is the practice of governing third-party access to company data. This is a critical aspect of an organization since vendors view your business information when providing their services. For some, this can turn into a severe vulnerability that can lead to data breaches. In fact, in the past five years, vendors like Home Depot and Target were responsible for those incidents, as reported by Forbes.
