September 20, 2022

Painful Lessons from Uber’s Recent Über-Breach

Uber’s latest breach is big and fraught with concerns about the maturity of the company’s cybersecurity capability. Failure abounds across their technology, behaviors, and processes. We can all learn from Uber’s mistakes! For more strategic insights and discussions, follow me on the YouTube channel Cybersecurity Insights: https://www.youtube.com/cybersecurityinsights

BSW #277 – Paul Baird

Paul’s Security Weekly podcast, full episode. Published Tue, 20 Sep 2022 21:00:00 +0000. Duration: 57:53.

5 Key Factors for Selecting a Managed Detection and Response (MDR) Provider

With an increasing number of threats and vulnerabilities to contend with, businesses need all the help they can get to keep their networks and data safe. That’s where managed detection and response (MDR) providers come in. MDR is a type of security service that proactively monitors alerts from your security systems and provides rapid response …

SWN #240 – Hot planets, Chromeloader, MFA Fatigue, Lapsus$, Lastpass, & LockerGoga

Paul’s Security Weekly podcast episode. Published Tue, 20 Sep 2022 20:14:29 +0000. Duration: 27:35.

It’s time to bite the bullet for more secure software

On September 14, 2022, the Office of Management and Budget (OMB) released their M-22-18 memorandum on “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices.” This document builds upon previous government documents such as Executive Order (EO) 14028 (“Improving the Nation’s Cybersecurity” from May 12, 2021), the NIST Secure Software Development …

The Traditional Workplace is Not Coming Back, with Major Implications for eDiscovery

The world has in many ways returned to life as it was prior to the pandemic. Restaurants and hotels are packed again. Children are all back in their classrooms. Rock bands and philharmonics are playing in front of full audiences. But this is not so for the office. Only about a third of knowledge workers …

Cryptohacking: Is Cryptocurrency Losing Its Credibility?

In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. …

Elemendar News 26

The Elemendar team is saddened by the passing of Queen Elizabeth II; our thoughts are with those who also mourn. Product Updates: Full STIX 2.1 support – Recently we introduced STIX 2.1 capabilities into READ, going beyond elevation to support more ways of defining objects and relationships between objects. This provides flexible ways to write …

DEVCORE Is Recruiting Security Researchers

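Are you passionate about security research but unable to find anyone to discuss it with? Do you often take part in major CTF competitions without knowing how to apply the skills you have learned in the real world? Do you also want to do your part to protect the world? Since it was founded several years ago, the DEVCORE Research Team has continuously researched cutting-edge security techniques and reported multiple world-class vulnerabilities. Our track record can be seen at international security conferences such as Black Hat and DEFCON, we have swept up awards such as the Pwnie Awards and Best Web Hacking Techniques without mercy, and we even took first place in the Pwn2Own hacking contest! However, the security field is so broad and changes so quickly that a handful of people cannot keep up alone. Walking alone, you can go fast; walking together, you can go farther. Therefore, We Need YOU! The DEVCORE Research Team is now openly recruiting security researchers! Whether you specialize in web security, have a soft spot for reverse engineering, or even like taking hardware apart by hand, we do not need you to burn yourself out, only your passion for security research! What we value is not work experience but how much effort you have devoted to security! Working here, you will gain: valuable experience exchanging ideas and collaborating with top hackers; hands-on experience discovering real-world vulnerabilities and finding your very first CVE; and deep involvement in real-world industry attack and defense, experiencing first-hand how vulnerability research and enterprise security come together. Want to make hacking your lifelong career? Hackers from all fields are welcome to join! Job description. Individual research (70%): conduct vulnerability research on products that affect the world; report the vulnerabilities found to vendors and publish them. Testing or project assistance (30%): plan and carry out product security testing; research relevant weaknesses or develop relevant tools according to testing needs; assist the red team in carrying out projects, providing technical firepower. Requirements: vulnerability discovery skills; the ability to write exploit code; basic programming skills; enthusiasm for research and a habit of understanding the essence of a technology; security knowledge in specific domains, including but not limited to: the mechanisms of mainstream operating systems, related vulnerabilities and their exploitation techniques; mainstream browser architectures, related vulnerabilities and their exploitation techniques; attack techniques related to hardware interfaces, with hands-on experience …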

Cross-Layer Security: A Holistic View of Internet Security 

By Henry Birge-Lee, Liang Wang, Grace Cimaszewski, Jennifer Rexford and Prateek Mittal. On February 3, 2022, attackers launched a highly effective attack against the Korean cryptocurrency exchange KLAYswap. We discussed the details of this attack in our earlier blog post “Attackers exploit fundamental flaw in the web’s security to steal $2 million in cryptocurrency.” However, …

Monitor Git to Protect Source Code & Avoid IP Theft 

Code42 Incydr detects Git push commands to untrusted repositories, offering much-needed protection of source code without disrupting the productivity of engineering teams. Watch the demo to learn more!  8 in 10 security and business leaders report that reputation has or would be impacted by an Insider Risk event involving loss/theft of sensitive information. But the …

Scope Creep

When new technologies arrive on the scene, there is a rush to use them everywhere. Bluetooth technology led to including it in almost any new product regardless of whether it actually adds anything. Internet connectivity has also seen a similar reaction; most notably I recall a juicer that was connected to the internet leading to …

ASW #212 – Sam Placette

Paul’s Security Weekly podcast, full episode. Published Tue, 20 Sep 2022 13:42:50 +0000. Duration: 01:21:41.

Implementing Zero Trust Principles to Mitigate Insider Threat with Okta + Code42 Incydr

A key component of a Zero Trust strategy is ensuring you’re able to consistently verify and authenticate users before they access data and systems. What’s more, it’s also critical that users only have access to what’s really required to do their jobs. Easy in theory. Harder in practice. Employees are authorized to view certain applications, …

Cryptographic algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information – ITSP.40.111

September 2022 | Practitioner series. Foreword: Cryptographic algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information is an UNCLASSIFIED publication issued by the Canadian Centre for Cyber Security (Cyber Centre) and provides an update to and supersedes the previously published version. Effective date: This publication takes effect on August 17, 2022. Revision history: First release: August 2, …
