Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Weekly Cyber Security News 05/07/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well, I hope everyone’s recovered from the annoying network outages this week. I’m not going to talk about that, instead here is something to bring other annoyances: How UI done badly can be really bad… People are people, and while there are often oversights in locking down systems, they often still fall prey to moments of madness which starts a chain towards disaster.

What are Next SIEM Technologies?

An industry that is worth more than $2 billion, SIEM keeps growing and evolving. The first instances of SIEMs appeared as descendants of numerous security technologies: LSM, SIM, SLM/SEM, SEC and such. The earliest versions were so limited that they were barely able to scale across large companies and were rather slow. They also needed huge teams to manage thus raising the costs ever-higher. However, SIEMs have changed greatly since.

Future of Digital Identity

Identity verification has progressed drastically with the infusion of technology over a period of time. Currently, identity verification depends on physical and digital proof managed by a central authority which includes verification of valid documents like passport, driver’s license, OTP etc. However, the processes and identity parameters vary from country to country making it extremely difficult to standardise the verification process.

4 Fundamentals That Make Your Vulnerability Management (VM) Program Less Effective

If you are a security practitioner, then you may have noticed that much of the security industry exists because of vulnerabilities. Regardless of what job position you occupy, vulnerabilities are oftentimes the reason why you wake up every morning and ultimately engage infosec from within your cutting-edge working environment. Vulnerabilities will continue to arise; this is a fact of the environmental change that goes with any business or organization.

AT&T Cybersecurity Maintains Very Strong Ranking After Acquisition of AlienVault

The results are in, and once again AT&T’s Cybersecurity is recognized as an industry leader by securing its third consecutive ranking of “very strong” in Global Data’s annual product report. AT&T is the only company to achieve this hat-trick rating in all of Global Data’s seven categories of assessment. AT&T’s bold acquisition of AlienVault has reaffirmed its position as the cybersecurity leader with both competitive and qualitative edges.

Lerhan: Bypassing IDOR protection with URL shorteners

Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and found a way in through bug bounty programs. As an ethical hacker, he is naturally curious in security testing vendors which he is buying from and this time it led to bypassing IDOR protection using URL shorteners. In the following guest blog, he describes this security flaw that led him to access new client contracts on Jazztel’s platform.

SOX - Not Just for Foxes and Baseball; A Sarbanes-Oxley IT Compliance Primer

There are Red Sox, White Sox, and Fox in Socks. At the turn of the century, a new SOX entered our lexicon: The Sarbanes-Oxley Act of 2002. This financial regulation was a response to large corporate misdeeds at the time, most notably Enron misleading its board through poor accounting practices and insufficient financial oversight. The regulation seeks to ensure accurate and reliable financial reporting for public companies in the United States.

What is Vulnerability Scanning?

Vulnerability management is one of the core responsibilities of a security team. It covers assessing, reporting and if needed, mitigating on an organization’s security vulnerabilities. Yet vulnerabilities can be tackled with if and if only they are known to the IT security team. In order to find out vulnerabilities of a system or software, vulnerability scanning is conducted. It is a security technique whose purpose is identifying security weaknesses in a system.

The Rise of Ransomware as a Service (RaaS)

2019 Has been an interesting year for Ransomware thus far. After plaguing countless victims with dreaded ransom notes and bringing some pretty large corporations to their knees, the attack method built a strong reputation for inflicting cyber terror on consumers and businesses. As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with the potential for more lucrative payouts.

Be the leader in the new password-volution: memorized secrets

Remember when you were younger, and you wanted to do something that all your friends were doing, yet you knew your parents would never approve? Perhaps it was skating in that home-made “Half-Pipe”, or that time you wanted to try some equally dangerous stunt? Of course, your parents disapproved, to which you probably responded with the time-honored refrain: “But everyone is doing it!” That was never a convincing argument.