One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 489870 |
| Date de publication | 2018-02-23 14:00:00 (vue: 2018-02-23 14:00:00) |
| Titre | Things I Hearted this Week 23rd Feb 2018 |
| Texte |
This week seems to have flown past very quickly. We’re almost at the end of February but the security goodness (and badness depending on which side of the fence you sit) keeps rolling in at breakneck speed.
I’m actually contemplating moving somewhere warm for the rest of winter. Not that it gets unbearably cold in London, but the winter does seem to drag on with grey skies and rain, and a never-ending cycle of colds, sniffles, not to mention the life-threatening “Man Flu!”
But enough about me, let’s jump into the security goodness!
Threat modeling
Threat models are great, and poorly understood, or used by security professionals as a universal ‘get out of jail card’.
“Why don’t you have 2FA on your web app?”
“Oh, that’s not in our threat model.”
“Why don’t you sandbox this?”
“Oh, that’s not in our threat model”
“Why don’t you have your threat model documented?”
“Oh, that’s not in our threat model”
It’s like the security equivalent to the business saying they “accepted the risk”.
An interesting piece in CSO magazine takes a look at common threat model mistakes.
7 threat modeling mistakes you’re probably making | CSO
What is threat modeling? | Motherboard
Two Billion!
Two billion (with a B), that’s the number of files apparently leaked in the US during 2017.
The most common type of breach after hacking was unintended disclosure such as cloud storage misconfigurations.
That means that millions of records could have been kept secure had someone brushed up on their AWS S3 Bucket security skills and not ticked the box to make it public.
We’ve found the APT, the APT is us!
Two Billion Files Leaked in US Data Breaches in 2017 | Infosecurity Magazine
The US witnesses significant number of healthcare breaches in 2017 | Healthcare Global
A SWIFT $6m
Unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system.
Well, that’s a surprise. It’s not like SWIFT has been targeted ever for malicious purposes…
Hackers stole $6 million from Russian bank via SWIFT system: central bank | Reuters
India's City Union Bank CEO says suffered cyber hack via SWIFT system | Reuters
|
| Envoyé | Oui |
| Condensat | 2018 23rd 729 able about adrian alienvualt assets bellis bits blood booth bytes check controversy corman cran defender: disagreement exactly expect feb flesh hacking heading healthcare hearted his interesting it’s jon jonathan josh kill know like live: looked meet much nothing other out pen pentest recon rest rsa rsaconference session snow sure talks team test things time visit week which why you'll you’re your |
| Tags | |
| Stories | Tesla |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.