Spear phishing is an email spoofing attack targeting a specific organization or individual. Spear phishing emails aim to infect the victim with malware or trick them into revealing sensitive data. Spear phishers look for targets who could yield financial gain or exposure of trade secrets for corporate espionage, personally identifiable information (PII) for identity theft, and protected health information (PHI) for insurance fraud.
Social engineering is an attack vector that exploits human psychology and susceptibility to manipulation to trick victims into divulging confidential information and sensitive data or performing an action that breaks usual security standards. In general, social engineering succeeds where cyber security awareness training and employee education are lacking. Employees are the first line of defense and are frequently the weakest link in an otherwise secure defense-in-depth strategy.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. There’s leaving a few API keys in a GitHub repo, and then there’s leaving everything on Pastebin. The question then is who did it? Staff, a hacker, or a third party? Perhaps we will never know. Is there a moral to the story here? Maybe just don’t write everything down in the clear (and give it to someone)…
Ever since the inception of FaaS platforms, blogs and benchmarks measuring and analyzing "cold start" have emerged. No wonder that the most searched term in the topic of serverless on Google is "cold start". However, using the term "cold start" distracts us from what we really care about: "invocation overheads". Although cold starts are a part of invocation overheads, focusing solely on them is misleading.
StackRox has pioneered Kubernetes-native container security, bringing rich context and infrastructure-native enforcement to protecting Kubernetes and containers across build, deploy, and runtime. We recognize the importance of getting critical alerts about this cloud-native stack to the right team, at the right moment – by integrating with PagerDuty, we broadened the choices on how to do so.
It’s not easy for an organization to implement the International Organization for Standardization (ISO) 9001 and obtain an ISO certification for the standard. But just because you’ve achieved ISO 9001:2015 (the latest version) certification, doesn’t mean your work is done. That’s because your company has to be continually audited to ensure it still meets the requirements of the ISO 9001 standard.
One cannot overstate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel became harder between 2017 and 2019.
Whether 10 years ago or just last week, companies continue to ponder, “is cloud computing secure?” The truth is cloud computing is just as secure, if not more secure, than a traditional server if configured properly. In fact, most security breaches in the cloud are the fault of the customer, not the cloud network. Gartner Research estimates that between now and 2025, 99 percent of cloud security breaches will be the customer’s fault.
I really enjoy Shira Rubinoff's videos, and captured one of them in case you prefer reading to watching videos. Please find snippets of this commentary in the AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.