A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.
If you are familiar with IT security, you must have heard CIA triad: a security model that covers different parts of IT security. Being one member of CIA triad, file integrity refers to the processes and implementations aiming to protect data from unauthorized changes such as cyber attacks. A file’s integrity tells if the file has been altered by unauthorized users after being created, while being stored or retrieved.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
Passwords may not be the favourite piece of your workday, however, I have a theory – if I could share with you the value of a password, and the reality of how simple they can be to create; then passwords may not be the monster you avoid.
Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password from 2012? Surprisingly, quite a lot.
One day, a contractor working for an internet service provider decided to sabotage the company by disabling internet connectivity for all customers. Unfortunately, the employee's attack was successful, and the disruption lasted three weeks. This attack cost the company tens of thousands in remediation costs and left many customers struggling to navigate a world without the internet.
A comprehensive, six-month study released by Proofpoint, in March reports that (oh, to our surprise), attackers are “leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.” Yikes!! At SCALE! Threat actors design threats aiming at platforms or services which will provide the greatest ROI for them.
Few would dispute the idea that an effective cybersecurity profile requires candid assessments of potential vulnerabilities. Here’s a closer look at the challenges facing the federal cybersecurity mission and the efforts of state-level agencies.
Companies are moving to incorporate the cloud into their computing infrastructure at a phenomenal rate. This is, without question, a very positive move. It permits companies to scale processing resources up and down in response to changing demands, giving companies the operational equivalent of unlimited resources while paying only for the resources that are actually used.
