Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts. According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.

The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food and good company. Once they’ve put away the leftovers, many Americans don their coats and head to the malls for Black Friday. The official start to the Christmas shopping season, Black Friday is exciting because many retailers announce limited-time sales that promise huge savings to die-hard consumers.

Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) solutions. In this blog post, the second in a series looking at the ways to adapt your security operations to reflect the new technologies of cloud solutions, we’re going to look at what you should consider when implementing your security controls for a PaaS environment.

‘Tis the season! Winter holidays are upon us, and with it brings the yearly high-volume online shopping season we all know as Black Friday/Cyber Monday (BFCM). With the total US consumer spending estimated at over $717 billion in the 2018 BFCM season, retailers know that the next few weeks are a critical time for their infrastructure. Unfortunately, so do ransomware attackers.

Depending on your familiarity with the Cloud Security Alliance (CSA) publications, part one of this blog was intended as either an introduction or a nagging reminder of the ‘Egregious Eleven’ security threats to cloud computing. It also hopefully made some helpful observations about the first six items on the list. Part two now looks at the remaining five threats, starting with...

Malicious actors are increasingly launching digital attacks against industrial organizations. Many of these campaigns have been successful, particularly those that have targeted energy utilities and manufacturing plants. In late spring 2019, for instance, aircraft parts manufacturer ASCO temporarily suspended operations worldwide after falling victim to a ransomware attack.

Organizations are increasingly preoccupied with strengthening the digital security of their industrial control systems (ICS). They no doubt heard FireEye reveal that it had detected a second intrusion by the same actor behind Triton malware at a second critical infrastructure organization. More recently, they likely heard confirmation of a digital attack that struck the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India back in September.

Ransomware hit Louisiana’s state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack.

This is a follow-up/continuation to Part One of the series, where I recommend reading to help provide some background into why we should all consider reviewing our OPSEC (Operational Security), not just those with something to hide. Have you actually thought about how much you are tracked on a daily basis? Think about everything you post on social media, what you search, the apps that are generating metadata (with or without your consent), what your phone knows about you.

As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate to the cloud, different challenges and solutions need to be explored in order to ensure that your security operations can maintain visibility and control and prevent critical risks and vulnerabilities.