OWASP API Top 10 Security List
If your organization is developing software, chances are that your developers are building application program interfaces (APIs) to allow interoperability between your code and code…
Insider threat reporting by the numbers
I don’t normally take security advice from goats, but I think I need to make an exception for Red Goats. A recent report on insider…
Great resource for configuring TLS
OK, let’s admit it – issues around cryptography are the most complex and confusing part of information security. Aside from all that math, there are…
How authentication methods stack up
Here’s a nice resource from iDaptive’s blog on the relative merits of various common types of authentication technologies – interesting quick read.
Something about (Japanese) foxes and hen houses
Not strictly a security story, but interesting and alarming… Japanese authorities have decided that: It is permissible to make contributions to politicians using cryptocurrencies like…
Attack on encrypted PDFs exfiltrates clear text data
Here’s a quite clever hack… German security researchers have found a way to exfiltrate the contents of encrypted PDF files without breaking their encryption. Because…
NIST & Microsoft partner for patching pointers
The US Government’s National Institute of Standards and Technology and 8,000,000 pound gorilla Microsoft are working together to provide industry with definitive guidance on keeping…
Is Business Email Compromise a “cyber attack?”
Just what constitutes a cyber attack? That’s the question facing a court in a case brought against insurer AIG. One of the firm’s clients was…
An example of a clear and concise incident report
This incident report from the Australian National University is definitely worth a read, both as an interesting look into the mechanics of a systems compromise…
Good security advice from down under
For many organizations, especially small businesses, the thought of starting any kind of cyber security program can seem daunting. With all of the threats out…
