Category: risk
Make your near misses count
Security near misses are opportunities for learning and improvement, but when they are ignored, they can play a role in setting the stage for serious incidents. Use them wisely!
Hunting for secrets on GitHub
We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.
Something about (Japanese) foxes and hen houses
Not strictly a security story, but interesting and alarming… Japanese authorities have decided that: It is permissible to make contributions to politicians using cryptocurrencies like…
So your third party has been breached…
Another day, another third party security compromise story… this time it is Indian outsourcing giant Wipro. The firm has confirmed that a small number of…
No, you don’t need to close your LastPass account…
Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way that an attacker could send…
ready cash – the hacker’s latest tool
Cybersecurity firm BAE Systems (a large and credible industry player) announced that it had found and remediated an attack on an unnamed hedge fund back…
galaxy s5 fingerprint authentication and lastpass
Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to your password vault. Since the…
how not to do a risk assessment
So, the risk management mavens for the City of Portland, Oregon have provided us all with an object lesson in how not to make risk…
RSS - Posts