Latest Posts

What is Information Risk Management?

Information Risk Management (IRM) is a form of risk mitigation through policies, procedures, and technology that reduces the threat of cyber attacks arising from vulnerabilities, poor data security, and third-party vendors. Data breaches have a massive, negative business impact and often arise from insufficiently protected data. In this article, we outline how you can think about and manage your cyber risk from an internal and an external perspective.

Jira Security Vulnerability CVE-2019-11581

On 10 July 2019, Atlassian released a security advisory for a critical severity vulnerability in most versions of Jira Server and Jira Data Center. The vulnerability was introduced in version 4.4.0, released in 2011, and affects versions as recent as 8.2.2, released on 13 June 2019. The good news is that users of Jira Cloud are not affected. But how many organizations are running Jira Server or Jira Data Center, and are vulnerable to this attack?

Swimming in the Deep End: Data Leaks and the Deep Web

Those interested in how data breaches occur should be familiar with the general topography of the Internet. In our previous piece, we discussed the difference between the surface web, the deep web, and the dark web. Most estimates of the topography of the Internet conclude that the deep web makes up between 95% and 99% of all web sites. The dark web likely comprises less than 1%, while the surface web accounts for only a few percentage points itself. Nearly the entire Internet is the deep web.

APRA Prudential Standard CPS 234: Information Security

According to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, 90 percent of Australian companies report that they receive up to 5,000 cyberthreats per day. For cybercriminals, Australia’s superannuation funds, banks, and insurers make for attractive targets. It is essential that these industries can protect and secure their data, including the data of their clients and customers, and respond quickly and robustly if a critical cyber-attack occurs.

UpGuard's new navigation: CyberRisk is evolving

UpGuard CyberRisk enables organizations to control and monitor third-party vendor risk in real time and improve their security posture. Since we launched CyberRisk, our team has been speaking to users and has evolved the platform into two new modules, BreachSight and VendorRisk. Combined with a redesigned user experience, UpGuard is easier to use than ever.

S3 Security Is Flawed By Design

Amazon S3, one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations. Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services, recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings.

Third-Party Credentials and Vendor Risk: Safeguard Your Applications

Your primary systems aren’t the only source of damaging exposed credentials. Third-party applications employed by your organization also have privileged logins that must be protected. Cloud platforms, software as a service (SaaS), and local third-party applications such as ERP systems often have administrative logins with full control.

Vendor Risk: The Impact Of Data Breaches By Your Third-Party Vendors

UpGuard’s researchers regularly uncover and report on corporate data breaches. We often find that the breach is not directly caused by the company, but by one of its third-party vendors. This series of posts is about a less-understood aspect of vendor risk: data breaches by third-party vendors. We will run you through many types of data breaches, how they relate to your third-party vendors, and ultimately what you can do to prevent them from hurting your business.

Don't Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting the customer experience. This is a best-practice approach that maintains high levels of system stability, uptime, and security. These “non-production”, or test, environments should ideally be completely disconnected from production environments to prevent security incidents and bugs.