Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Weekly Cyber Security News 14/09/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A lot to get worked up about this week, and I will skip the majority of the noise about British Airways and yet more MongoDB related shenanigans, to highlight another kind of oversight: Deploying publicly accessible web content with Git and not cleaning up afterwards – or not doing it in the first place perhaps.

Configuration Hardening: Proactively Guarding Systems Against Intrusion

The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of hardened fortifications and bunkers.

What Cloud Migration Means for Your Security Posture

It shouldn’t come as a surprise to anyone reading this article that there has been a major shift towards businesses hosting their critical applications in the cloud. Software-as-a-Service (SaaS), as well as cloud-based servers from Amazon or Microsoft, have changed the way we build networked business systems for any size organization.

Telefónica Improves Movistar+ Customer Satisfaction while Reducing Operational Costs with Devo

Cambridge, MA, September 12, 2018 – Devo Technology, today announced that Telefónica has implemented the Devo Data Operations Platform to improve the quality of customer experience for Telefónica’s Movistar+ television service offering.

The CA Consumer Privacy Act | What Businesses Need to Know

This summer, California passed groundbreaking privacy rights legislation through the California Consumer Privacy Act. The law takes effect January 1, 2020 but companies need to have data tracking systems in place by the beginning of 2019. Even if your business is not located in California, you may be liable - so here’s everything you need to know to get your data security compliant.

VLAN Hopping and Mitigation

A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as 'VLAN Hopping', an attacker is able to bypass these security implementations.

Compliance is not security

The recent hack on British Airways is alarming to say the least, and it’s not just because roughly 380,000 payment cards were compromised. British Airways is a huge company earning millions each year. These sorts of companies are heavily regulated and are required to be Level 1 PCI complaint (the highest level of compliance).

Weekly Cyber Security News 07/09/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A pretty energetic week for a change. Varied and unexpected breaches as is the norm, though a few new items of note. The first is a little worrying, and really hopefully (at least for the public) won’t set a precedent: Penalising those that can’t make use of good password best practice.

Information Leakage of Threat Intelligence, Incident & Status Data

Information leakage of threat intelligence, incident data, and status data can have several legal consequences for organizations. Information leakage can occur due to the misconduct of disgruntled employees or results in by virtue of a nefarious cyber-attack. The underlying sections will take a deep dive into two different scenarios—namely, The Trauma of IP Address Leakage and The Menace of Product Vulnerability Leakage.

Introduction to Threat Intelligence and Types

The phrase Threat Intelligence has slowly gained significance in the information security community and their discussions. With the decision makers considering it as a high priority requirement, vendors have launched an array of products which are indeed confusing for an executive with the managerial background. This is an introductory post in our series of detailed discussion on threat intelligence.