Vulnerability assessment is a necessary component of any complete security toolchain, and the most obvious place to start for anyone looking to improve their security. Ironically, starting with vulnerability assessment can actually degrade an organization's overall defense by shifting focus from the cause of most outages and breaches: misconfigurations.
Once upon a time, video gaming was strictly an offline, console-based affair. Even PC-based titles were relegated to the safe confines of the player's local desktop machine. The arrival of affordable and ubiquitous high-speed internet transformed gaming into a highly interactive online activity; these days, the online component is an integral part of gameplay. But are gaming vendors doing enough to protect users against today's cyber threats?
It’s hard to believe Thanksgiving is almost here, and with it, the frenzy of the holiday shopping season fast approaches. Whether you are camping out overnight for “Black Friday” bargains, or waiting for the online deals of “Cyber Monday,” the odds are you are more nervous than ever about the safety and security of your financial information against holiday scammers. At least, so indicate the results of UpGuard’s survey of over 1,200 respondents in November 2016. The survey finds that 95% of consumers are to some degree concerned about the security of their information online, and more than half would break with their favorite brands if they knew their information was at risk; full survey results can be viewed here.
Containers are all the rage these days, and for good reason: technologies such as Docker and CoreOS drastically simplify the packaging and shipping of applications, enabling them to scale without additional hardware or virtual machines. But with these benefits come issues related to management overhead and complexity—namely, how can developers quickly achieve visibility and validate configurations across distributed container clusters? The answer is with UpGuard's new etcd scanning capabilities.
Policies are an important part of how UpGuard works, but in large implementations, policy bloat can make managing different groups of devices unwieldy. To combat this, UpGuard has implemented policy variables and variable override options in version 2.29 to allow people to better use a single policy across multiple groups. Out-of-the-box policies don’t always offer the necessary flexibility to adjust to real environments, but with UpGuard’s policy variables and overrides, administrators can adjust their expected configurations to apply to multiple systems or environments, taking into account their differences, and allowing them to focus on maintaining the configurations they care about.
Several of the world's leading airlines are getting the travel season off to a rocky start: last week, American Airlines and Alaska Airlines resolved a technical glitch causing reservation/check-in and delays across 15 flights. With the holidays approaching, can airlines weather mounting losses caused by their aging computer systems and IT infrastructures?
Your website's perimeter security couldn't be any better: sitewide SSL and DMARC/DNSSEC are enabled, software versions aren't being leaked in your headers, and all other resilience checks are green. But how secure is your mobile app? Unfortunately, like most companies, you've outsourced mobile app development to a third-party agency and have little visibility into their security practices. And if your app supports Facebook and Google sign-ons, you may be in trouble: a security team recently discovered an OAuth 2.0 flaw that's already left over a billion apps exposed.
Last month, around 1.3 million records belonging to over half a million blood donor applicants were breached when the Australian Red Cross' web development agency Precedent left a database backup exposed on a public website. The venerable non-profit has since taken responsibility and apologized for the incident, despite being the fault of a third party agency. If anything, the mishap serves to illustrate that resilience—not stronger cybersecurity—is the key enabler of safe healthcare digitization.
Recently, New York’s Department of Financial Services and Gov. Andrew Cuomo released their long-awaited proposal for cybersecurity regulations regarding banking and financial services companies. The proposal, if implemented, would be the first mandatory state-level regulations on cybersecurity and promises to deliver sweeping protections to consumers and financial institutions alike. In Gov. Cuomo’s words: "This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyberattacks to the fullest extent possible."
Government/politics, and cybersecurity—these topics may seem plucked from recent U.S. election headlines, but they're actually themes that have persisted over the last decade, reaching a pinnacle with the massive OPM data breach that resulted in the theft of over 22 million records—fingerprints, social security numbers, personnel information, security-clearance files, and more. Last month, a key government oversight panel issued a scathing 241 page analysis blaming the agency for jeopardizing U.S. national security for generations. The main culprit? Lack of visibility.