4 Signs You’re Wasting Your Time On The Wrong Man Understand Men. Find Love. © 2020 Dating Coach – Evan Marc […] View full post on National Cyber Security
‘Love in the Time of Corona’ Proves Scripted TV Can Survive COVID-19 | #tinder | #pof | romancescams | #scams
Of all the industries out there, I think it’s safe to say the entertainment sector has been one of the most affected by the coronavirus. The new […] View full post on National Cyber Security
Sean Vanaman was living in San Francisco and planning a work trip to New York when he decided to change his location on Tinder with the hope that he’d have […] View full post on National Cyber Security
API security could be the most important consideration in serverless environments for preventing large-scale data breaches
Serverless adoption is growing faster than most would have expected. The majority of companies are already using it, and serverless use will grow significantly over the next two years. With serverless, software engineers are able to build applications that deliver scale and business value without consideration for the complexities of operations and security. The serverless application architecture is so innovative and new that most traditional security tools do not interoperate due to lack of operating system or container access.
A new approach is needed to conduct security analysis and provide protection for serverless apps.
While serverless applications have introduced new security problems, our focus needs to shift to the world of application programming interfaces (APIs), where sensitive data is prominently transferred in these modern application designs.
It is important to discover what organizations are doing to secure their cloud-native apps, especially with the benefits DevSecOps offers. This focus is especially timely these days because fundamental changes to application architectures and the infrastructure platforms hosting them are not served by existing cybersecurity technologies and traditional approaches to securing business-critical workloads.
As we move forward into 2020, we believe that APIs are the most vulnerable attack vector for large-scale data breaches. Security teams need to be able to automate and analyze security behind their apps. Here is a list of what DevOps and IT security teams need to consider:
API data breaches could represent more than 50% of records lost in the coming months and become the single largest vector of large-scale hacking. According to Verizon’s 2019 Data Breach Incident Report, external hacking remained the largest threat actor (69%) and threat action (53%) respectively for data breaches reported last year. And the top threat vector successfully attacked was web applications, at approximately 67% of the time. When new reports announce that a company has had tens or hundreds of millions of its records compromised or stolen, the specific web attack vector more often than not appears to be RESTful APIs. It is our belief these incidents of large-scale data breaches from APIs connected to both mobile and web applications will create the largest and most significant data breach headlines in the coming months.
Shadow APIs continue to emerge as a new threat to cloud-first enterprises. According to the ESG Report on Security for DevOps, the top new investment that enterprises plan to make to secure cloud-native apps will be API Security (37% of all respondents marked this as the most important new control needed for cloud security). Cloud services enable businesses to ship new applications (mobile and web) faster and cheaper with more scalability. As a result, the number of new microservices and APIs grows exponentially with cloud-native apps. Enterprise security teams are struggling to keep pace with their DevOps counterparts. New APIs are popping up everywhere and being labeled as “shadow APIs” since it’s not clear who owns them and who is responsible for their ongoing security and compliance.
Serverless continues to outpace Kubernetes and container usage. As much as Kubernetes is being praised by many DevOps thought leaders, the data tells us that most developers appreciate the convenience, speed and ease of building applications with serverless computing. According to CB Insights, serverless is now the highest growth public cloud service ahead of containers, batch computing, machine learning and IoT services. Serverless spending is expected to reach $7.7 billion by 2021, up from $1.9 billion in 2016 with an estimated CAGR of 33%. Today, very few existing security tools can address application security issues specific to serverless applications. This will be an important new security challenge in 2020.
CCPA fines will exceed $200 million in its first year of existence. The California Consumer Privacy Act (CCPA) took effect Jan. 1. However, according to the way the regulation is outlined, lawsuits can be filed for privacy violations occurring in 2019. It is our estimate that very few companies are prepared to meet the guidelines outlined in CCPA. Further, unlike the General Data Protection Regulation (GDPR), which went into effect in May 2018, there are no maximum limits capping how large the fines could be for CCPA violations. The first few CCPA rulings served by the courts may create big headlines to put added pressure on companies to be proactive about protecting the data privacy of their customers.
Many companies successfully mobilized and monetized their data using APIs as an effective way to share information and build services. However, APIs can create compliance and security vulnerabilities the industry is ill-prepared to address. As more companies leverage and build API services and apps natively in the cloud, the industry will face new concerns and cybersecurity threats. While automation is a common practice that enables DevOps speed and scale, security teams need to take advantage of similar automation techniques to keep up with application teams using CI/CD and DevOps practice.
The industry needs to work closely with the top cloud providers to build better application security controls that function across multi-cloud environments. Most organizations are struggling to secure the application layer of their cloud-native apps, and APIs are the most critical attack vector leading to significant data breaches. As an industry, we need to do more to discover and secure APIs to protect ourselves against large-scale data breaches in the months ahead.
The post #cybersecurity | #hackerspace | Now Is the Time to Focus on API Security appeared first on National Cyber Security.
#deepweb | The tech giants dominated the decade. But there’s still time to rein them in | Jay Owens | Opinion
Source: National Cyber Security – Produced By Gregory Evans The 2010s will be remembered for a new era in the development of capitalism, one of mind-boggling scale. Apple, Amazon and Microsoft are closing the decade as the world’s first trillion-dollar companies. Last year, Apple’s revenue was larger than Vietnam’s GDP, while Amazon’s research and development […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans For years we’ve been talking about the skills shortage that plagues the cybersecurity industry and which some reports now peg at three million and growing. Organizations lack trained, experienced resources in many areas including expertise in management and monitoring of the infrastructure protecting an environment, incident […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Identity sprawl – too many usernames and too many passwords – has never been as big a concern as it is today: More devices are being brought into the enterprise, more people are working remotely and using their own devices, and more users continue to access […] View full post on AmIHackerProof.com
#cybersecurity | #infosec | Hackers attack OnePlus again – this time stealing customer details – HOTforSecurity
Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus.
Back in January 2018 it was revealed that the credit card details of some 40,000 people using the OnePlus website had been stolen by hackers. On that occasion the attackers managed to inject a malicious script into a payment webpage that skimmed card data as it was entered by customers.
At the time OnePlus said it was conducting an in-depth security audit of its systems.
The latest security incident, detailed by OnePlus in an FAQ on its website, isn’t as serious as the payment card breach – but could still lead to customers being put at risk by fraudsters and online criminals.
The cellphone manufacturer has confirmed that customers’ names, contact numbers, email addresses and shipping details have been accessed by an unauthorised party via a vulnerability on its website.
Fortunately, payment information and passwords have not been compromised.
OnePlus has not revealed just how many customers have been impacted by the data breach, but says that all affected users have been sent an email notifying them of the security incident.
Of course, even if your passwords and payment details haven’t been exposed in this latest hack – that doesn’t mean that users have nothing to worry about.
Online criminals could abuse users’ names and contact details to launch phishing attacks, spread spam, or even attempt to commit fraud over the telephone.
Of course, the challenge for affected users is that – unlike passwords – details such as your name and contact details cannot be easily changed.
Customers are being advised to contact OnePlus’s support team for assistance if they have any concerns.
According to the company it has since patched the vulnerable website, and checked it for similar security flaws:
“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”
No details have been shared of the nature of the website vulnerability which allowed the hackers to access customer data, but OnePlus must realise that the patience of customers is not limited – and for a second serious security breach to have occurred in a relatively short period of time will have done nothing to strengthen users’ trust in the brand.
More transparency about what has occurred and how, combined with strengthened security, would go a long way to reassure customers who must be feeling rattled by this latest incident.
OnePlus says it has informed the authorities about the data breach and is working with the police to further investigate who might be responsible for the attack.
#cybersecurity | hacker | Application isolation and virtualization provide a false sense of cybersecurity – It’s time for a better solution
Source: National Cyber Security – Produced By Gregory Evans A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity. The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the […] View full post on AmIHackerProof.com