Weekly Cyber Security News 16/09/2022
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Oh dear Microsoft… Really? Should know better…
OAuth (pronounced “oh-auth”) is an authorization framework that allows an application to request “secure delegated access” to third-party systems on behalf of the apps’ users or the “resource owner.” Simply put, with OAuth, users can grant websites and applications access to their information on other websites without providing important credentials like passwords. OAuth stands for “Open Authorization”.
During the Vendor Risk Management process, information is in constant flux. From risk assessments to risk remediation processes, communication involving sensitive security control data continuously flows between an organization and its monitored vendors. If intercepted, this information stream could be used as open source intelligence for a third-party data breach campaign, nullifying the very efforts a VRM program is trying to mitigate.
The vulnerabilities perforating the global supply chain have remained dormant for many years. But the violent disruptions of the pandemic finally pushed these risks to the surface, revealing the detrimental impacts of their exploitation to the world.
On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.
A successful building project requires vast data, from architects' drawings to engineers' calculations to builders' material lists. Projects can quickly become chaotic without a platform to unify and manage this data as important information gets lost in the shuffle. That's why it's vital to have a system for unifying design and construction project documents. By unifying all the data in one platform, everyone involved in the project can easily access the information they need when they need it.
With the cost of a data breach at an all-time high of $4.35 million and regulations worldwide imposing steeper penalties for compliance failures, organizations must ensure that they have all necessary security controls in place to keep their data safe. Implementing the CIS Controls provides a sound foundation for effective defense against cyber threats. First developed in 2008, the CIS Controls are updated periodically in response to the evolution of both technologies and the threat landscape.
I know many will read this title and think that I am crazy. If I am compliant with NIST, HIPAA, ISO, PCI, etc., then I am running a secure network. And to a point that is true. But let’s look at it this way. If you are driving down the interstate at the posted speed limit and are keeping three car lengths between the driver in front of you, are you truly safe and secure on the interstate?
Ever heard of pretexting? And no, we’re not talking about when you first carefully draft a risky text message before sending it! Pretexting is a sneaky and highly effective form of social engineering that attackers use to dupe people into sharing their personal information.
The Covid-19 pandemic caused a seismic shift in remote working practices. Before the pandemic, 34% of US employees worked remotely at least one day a week. Now, as we emerge from the pandemic, 35% of Americans work from home full-time — with a further 23% able to work remotely part-time. This equates to approximately 92 million remote workers in the US alone. But this rise in remote working is causing significant corporate cybersecurity issues.