Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Weekly Cyber Security News 08/02/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Some absolute gems this week – that’s a bad thing, right? As the stakes rise for security risk and disclosure, two articles tweaked my attention on how it can sometimes not go right; for both sides. Something we all have to learn and build upon errors.

Google Chrome extension warns if your password has been leaked

Anyone who has a presence on the internet is likely to be suffering from breach fatigue. Data leaks are reported in the headlines on a daily basis, and users can feel so overwhelmed by the sheer number of breaches that they feel there’s little they can do to keep ahead of hackers.

Announcing Pype + Egnyte Integration

Pype provides innovative construction software solutions – AutoSpecs, Closeout, and eBinder – that enable teams to start projects faster and close out stronger. Called “game changers” by top GCs, Pype is dramatically changing business operations for construction, with proprietary, industry-leading specification management and closeout automation software.

How Not To Become a Target With Enough for Two Lines or Even Three

In mid-November last year, the retail giant Target experienced a security breach where customers’ credit card information was stolen. At first, it was thought that 40 million users had been affected but by January 2014, those numbers skyrocketed to a stunning 100 million. What emerged was the story of hackers who had appeared as “the good guys” in order to harvest as much information as they could from Target’s network.

Risk Mitigation in Software Engineering

Developing software while maintaining its embedded security can feel like the “Impossible Dream.” As you update your product, you’re potentially adding new vulnerabilities. As part of the risk management process in software engineering, you need to work with cybersecurity professionals throughout the software development life cycle (SDLC) to create a mature security profile.

Security Have and Have-Nots

Way back in around the 2010 / 2011 timeframe Wendy Nather coined the phrase "The Security Poverty Line" in which she hypothesised that organisations, for one reason or another (usually lack of funds), can't afford to reach an effective level of information security. Nearly a decade on, and while the term has sunk into frequent usage within the information security community, are we any better at solving the issue now that we've identified it?

Enable Kubernetes Pod Security Policy with kube-psp-advisor

Kubernetes Pod Security Policy is a mechanism to enforce best security practices in Kubernetes. In this tutorial, we will explain how to enable Kubernetes Pod Security Policy across your cluster using kube-psp-advisor to address the practical challenges of building an adaptive and fine-grained security policy on Kubernetes in production.

Bad Password Management by Privileged Insiders Puts the Organization at Risk

Ponemon’s 2019 State of Password and Authentication Security Behaviors Report highlights how inappropriate use of privileged password can give insiders the access they need. Ultimately, the malicious insider needs one thing to perform an act that hurts the organization – access.

6 Security Tips When Trading Online

Online trading is on the rise as many consumers take control of their own investments or work with brokers virtually rather than in person or over the phone. At the same time, cybersecurity attacks are on the rise as hackers also try to take advantage of gaps in the system, stealing identities and even money.