Securing the Entire Container Stack, Lifecycle and Pipeline – Part 1

With the rise in popularity of containers, development and DevOps paradigms are experiencing a massive shift while security admins are left struggling to figure out how to secure this new class of assets and the environments they reside in. While containers do increase the complexity of the ecosystem that security admins are responsible for securing, … The post Securing the Entire Container Stack, Lifecycle and Pipeline – Part 1 appeared first on The State of Security.

Insecure Storage Buckets Expose 1.8 Billion Online Posts Scraped for U.S. Military

A Pentagon contractor left three storage buckets publicly accessible on Amazon’s S3 service, exposing more than 1.8 billion online posts collected since 2009. The messages, posted by people from around the world, were likely collected as part of an intelligence-gathering operation for the U.S. military. The breach was discovered by researchers from UpGuard, a company..

GDPR compliance in legacy environments

The General Data Protection Regulation (GDPR) that takes effect next May will require businesses to protect the privacy of any personal data that they manage. There are many ways to do this, but the GDPR strongly encourages the use of pseudonymization, which, depending on how the business currently manages the personal data it acquires, may or may The post GDPR compliance in legacy environments appeared first on Voltage.

Australian Broadcasting Corporation Leaked Data through AWS S3 Bucket

The Australian Broadcasting Corporation (ABC) leaked sensitive data online through a publicly accessible Amazon Web Services (AWS) S3 bucket. Public search engine Censys indexed the misconfigured asset on 14 November during a regular security audit of the S3 environment. Researchers at the Kromtech security center don’t know who might have accessed the AWS S3 bucket … The post Australian Broadcasting Corporation Leaked Data through AWS S3 Bucket appeared first on The State of Security.

toolsmith #129 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 2

You can have data without information, but you cannot have information without data. ~Daniel Keys Moran
Here we resume our discussion of DFIR Redefined: Deeper Functionality for Investigators with R as begun in Part 1.
First, now that my presentation season has wrapped up, I've posted the related material on the GitHub for this content. I've specifically posted the most recent version as presented at SecureWorld Seattle, which included Eric Kapfhammer's contributions and a bit of his forward thinking for next steps in this approach.
When we left off last month I parted company with you in the middle of an explanation of analysis of emotional valence, or "the intrinsic attractiveness (positive valence) or averseness (negative valence) of an event, object, or situation", using R and the Twitter API. It's probably worth your time to go back and refresh with the end of Part 1. Our last discussion point was specific to the popularity of negative tweets versus positive tweets with a cluster of emotionally neutral retweets, two positive retweets, and a load of negative retweets. This type of analysis can quickly give us better understanding of an attacker collective's...

Tripwire University 2017: EMEA Edition

Foundational controls help IT organisations focus on setting basic and effective security priorities. According to the Center for Internet Security (CIS), applying just their first five critical controls can reduce your risk of cyberattack by nearly 85%. So, when it comes to foundational controls, how does your organisation compare? Join Tripwire and other security experts … The post Tripwire University 2017: EMEA Edition appeared first on The State of Security.

Do Health Care Providers Need Your SSN?

The U.S. Social Security Number (SSN) was introduced in the 1930s as an identifier for the (then new) Social Security program, whose official name is actually the “Old-Age, Survivors, and Disability Insurance program” (OASDI). As you’ve no doubt read, the SSN was never intended to be a globally unique identifier (GUID), but has de facto The post Do Health Care Providers Need Your SSN? appeared first on Voltage.