Jira Security Vulnerability CVE-2019-11581

On 10 July 2019, Atlassian released a security advisory for a critical severity vulnerability in most versions of Jira Server and Jira Data Center. The vulnerability was introduced in version 4.4.0, released in 2011, and affects versions ...

15 Of The Biggest Data Breaches In History

Data is rapidly becoming one of the most valuable assets in the modern world. The digital giants that monopolize data are arguably the most powerful companies in the world, prompting ongoing conversations about anti-trust legislation and ...

Swimming in the Deep End: Data Leaks and the Deep Web

Those interested in how data breaches occur should be familiar with the general topography of the Internet. In our previous piece, we discussed the difference between the surface web, deep web and dark web. Most estimates about the ...

APRA CPS 234: Information Security Prudential Standard

According to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, 90 percent of Australian companies report that they receive up to 5,000 cyberthreats per day.

Dark Web Vs Deep Web: What's the difference?

Most descriptions of the Internet contain three layers, or levels: the surface web, the deep web, and the dark web. These categorizations can be both useful and misleading. The words “deep” and “dark” carry connotations with them that ...

Webinar: Data Leak Detection And Third-Party Vendor Risk

UpGuard's new navigation: CyberRisk is evolving

UpGuard CyberRisk enables organizations to control and monitor third-party vendor risk in real-time and improve their security posture.

S3 Security Is Flawed By Design

Amazon S3, one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations. Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration ...

Vendor Risk: The Impact Of Data Breaches By Your Third-Party Vendors

UpGuard’s researchers regularly uncover and report on corporate data breaches. We often find that the breach is not directly caused by the company, but by one of their third-party vendors. This series of posts is about a less-understood ...

Third-Party Credentials and Vendor Risk: Safeguard Your Applications

Your primary systems aren’t the only source of damaging exposed credentials. Third-party applications employed by your organization also have privileged logins that must be protected. Cloud platforms, software as a service (SaaS), and ...

Our New Cyber Risk Score: Cyber Security Rating (CSR)

As of today, November 1, 2018, we are changing the name of our proprietary cyber risk scoring system, formerly known as the Cyber Security Threat Assessment Report (CSTAR), to the UpGuard Cyber Security Rating (CSR). Over the coming weeks, ...

Don’t Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting customer experience. This is a best practice ...

The Pitfalls Of Leaked Administrative Passwords

The most well-known type of system credential is the administrative, or root password. These types of accounts are “administrators,” meaning they usually have total access to whatever system they are for. Administrator accounts are used by ...

What is Fourth Party Risk?

Every company outsources parts of its operations to multiple suppliers. Those suppliers, in turn, outsource their operations to other suppliers. This is fourth party risk. The risk to your company posed by suppliers' suppliers. Confusing, ...

Inside the Security Ratings for the Riskiest Government Contractors

The government of the Unites States of America is perhaps the largest target on Earth for cyber attacks. The US has plenty of enemies, a track record of perpetrating cyber warfare and espionage (even upon its allies), numerous recent ...

How Trade Secrets Can Be Abused By An Attacker After A Data Breach

Data Exposure Types: System Information

There are many different kinds of sensitive data that can be exposed, each with its own particular exploits and consequences. This article will focus on what we have categorized as “systems information,” data that describes digital ...

The Dangers of Publicly Writable Storage

During the course of UpGuard’s cyber risk research, we uncover many assets that are publicly readable: cloud storage, file synchronization services, code repositories, and more. Most data exposures occur because of publicly readable ...

DevOps and Integrity at FinDEVr San Francisco

Technology conference season is in full swing, with so many events going on that even large ones like PuppetConf and Amazon Re:Invent have been forced to overlap. While part of the UpGuard team traveled to Las Vegas, two of us stayed in ...

Why Do Cloud Leaks Matter?

Introduction Previously we introduced the concept of cloud leaks, and then examined how they happen. Now we’ll take a look at why they matter. To understand the consequences of cloud leaks for the organizations involved, we should first ...