Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Why Life Sciences Needs the Science of Security

Those who have worked in the life sciences industry have undoubtedly observed a sea of change in the discipline over the past twenty years. From new modalities (like CAR-T to microbiome) to external collaborations, the way drugs are developed in the 21st century is more complex, more distributed, and faster. Alongside fundamentally new discoveries is a pan-industry shift from on-premise computing to the cloud.

Understanding the PCI Levels of Compliance

While every merchant and service provider that processes, stores, or transmits credit card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), not all must travel the same path to PCI compliance. The amount of risk an organization faces depends on a variety of factors. Recognizing these differences, the PCI Security Standards Council developed four compliance levels for merchants and two for service providers.

Cloud Security and Risk Mitigation

The cloud certainly offers its advantages, yet as with any large-scale deployment, the cloud can offer some unforeseen challenges. The concept of the cloud just being “someone else’s data center” has always been a cringe moment for me because this assumes release of security responsibility since ‘someone else will take care of it’.

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

Have you ever seen the bridge of a commercial cargo shipping vessel? It is like a dream come true for every kid out there–a gigantic PlayStation. Unfortunately, maritime computer systems are also attractive to malicious cyber actors. Illustrating this interest by malicious individuals, the U.S. Coast Guard issued a safety alert warning all shipping companies of maritime cyber attacks.

Climbing the Vulnerability Management Mountain: Gearing Up and Taking Step One

As I discussed in the first blog in this series, the purpose of this series is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. For the first phase, let’s start by planning the trip up Vulnerability Mountain. When you get ready to climb a mountain, you need gear, and you need to know what to ask for at the store.

Content Security Policy (CSP) explained including common bypasses

We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to begin with? This article will explain why having one can prevent header exploits with attributes and common bypasses. CSP is a response header that instructs the web browser from what sources it is allowed to include and execute resources from.

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. The Apple Watch feature at the heart of the problem is Apple’s Walkie-Talkie app which allows users to “push to talk” with other Apple Watch owners via a real-time voice message, rather than having to make a call or laboriously type a text message.