Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Grooming is a method of establishing a connection with a person to perpetrate a crime against them. Grooming is becoming more common in fraud, both online as well as in interpersonal interactions. What’s more, scammers are getting more sophisticated in their techniques. There is a mistaken belief that scammers are forceful, arrogant, and therefore easy to spot, but many play a long game, carefully and patiently grooming the victim before asking for money.

With each passing year, our digital lives grow in size and complexity. We open new accounts and place more value on the ones we log into and use every day. The trend has led to a rise in digital estate plans – a handover that ensures your friends and family members can take over your most precious accounts after you’ve gone.

A few hours ago, an npm package with more than 7 million weekly downloads was compromised. It appears an ATO (account takeover) occurred in which the author’s account was hijacked either due to a password leakage or a brute force attempt (GitHub discussion).

Almost everybody in this world uses the Internet. Some use it for work, some for education, some to stay connected with the world and their loved ones, some for shopping, and some use it to browse the world wide web in their leisure time. DNS Hijacking or DNS redirection attacks are a widespread security threat many DNS servers face in today’s modern digital world.

‘Privacy by design’, or as it’s now known, ‘data protection by design and default’, refers to Article 25 of the UK GDPR. This principle makes it a legal obligation for controllers to implement organisational controls which ensure data protection issues are addressed at the design stage of any project. But what does the regulation mean when it refers to organisational controls?

Vendor risk management (VRM) is the type of risk management practice assessing and mitigating business partners, third parties, or external vendors. This process is conducted before an entity enters into a business relationship and during the duration of the business contract with the vendor.

Vendor risk management (VRM) is rapidly emerging with ever-evolving cyber security strategies. As we hit the pandemic and try to manage critical operations in a remote work setup, each day, business entities challenge with the new security, privacy, and business continuity risks associated with their vendors.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Quite an interesting bunch this week. You know when you cover the pad with your hand to hide your pin at ATM? Well that might not be enough soon – given time I’m sure they will get better at guessing.

On Oct 21st, the Kubernetes Security Response Committee issued an alert that a new high severity vulnerability was discovered in Kubernetes with respect to the ingress-nginx - CVE-2021-25742. The issue was reported by Mitch Hulscher. Through this vulnerability, a user who can create or update ingress objects, can use the custom snippets feature to obtain all secrets in the cluster.

DevSecOps combines the responsibilities of development, security and operations in order to make everyone accountable for security in line with the ongoing activities conducted by development and operations teams. DevSecOps tools serve to assist the user in minimising risk as part of the development process and also support security teams by allowing them to observe the security implications of code in production.