Authentication, CSO and Internet - Cyber Security Informer

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Caleb Sima is the CSO at Robinhood.

CSO

CSO Financial Services CISO Mobile

PHP backdoor attempt shows need for better code authenticity verification

CSO Magazine

MARCH 30, 2021

Unknown attackers managed to break into the central code repository of the PHP project and add malicious code with the intention to insert a backdoor into the runtime that powers most websites on the internet. Get the latest from CSO by signing up for our newsletters. ]. Learn how to track and secure open source in your enterprise. |

Authentication

Authentication CSO Internet Internet

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet. It's pretty brutal." To read this article in full, please click here

CSO

CSO Authentication Engineering Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws

CSO Magazine

JUNE 15, 2021

Three weeks after releasing patches for a critical vulnerability in VMware vCenter, thousands of servers that are reachable from the internet remain vulnerable to attacks. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ]. Remote code execution and authentication bypass.

CSO

CSO Authentication Internet Internet

CISA warns of attacks against internet-connected UPS devices

CSO Magazine

MARCH 30, 2022

Hackers have begun to attack internet-connected universal power supply devices, targeting their control interfaces via multiple remote code execution vulnerabilities and, in some cases, unchanged default usernames and passwords, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued on Tuesday.

Internet

Internet Internet IoT Authentication

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

The Security Ledger

MAY 13, 2023

In this episode of the podcast, I speak with Window Snyder, the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for secure development and deployment of IoT devices. The post Episode 250: Window Snyder of Thistle on.

IoT

IoT Internet Internet Technology

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote. Enable multi-factor authentication (MFA) to access your applications and services, especially for admin access to platforms and backend systems. Food for thought, eh!

Ransomware

Ransomware Risk Internet Internet

BrandPost: What’s Next in Authentication? Passwordless Security

CSO Magazine

DECEMBER 16, 2022

The Internet has been a boon and bane to humanity since its inception. Technology has been an enabler and has leveled the playing field for so many companies around the world, giving them the ability to compete against companies hundreds of times their size. The first bane to touch on is the use of passwords.

Authentication

Authentication Passwords Technology Internet

Researchers warn of darkverse emerging from the metaverse

CSO Magazine

AUGUST 24, 2022

Security researchers predict that a kind of darknet structure could emerge there, similar to today's Internet. The machinations of the cyber gangsters could even take place in protected rooms that can only be reached from a specific physical location and via valid authentication tokens.

Authentication

Authentication Internet Internet Technology

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. As of January 24th, Shadowserver researchers still detected 5,300 older and internet-exposed GitLab accounts.

Software

Software Authentication CSO Accountability

Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks

CSO Magazine

FEBRUARY 11, 2022

Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications.

Authentication

Authentication Internet Internet Software

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

MARCH 25, 2019

Without APIs there would be no cloud computing, no social media, no Internet of Things. If I go to a CSO and say, ‘We can secure your APIs,’ he’ll say, ‘Great, can you also find them for me?’ ” observed Dwivedi, Data Theorem’s founder. APIs are the glue that keeps digital transformation intact and steamrolling forward. Talk more soon.

Digital transformation

Digital transformation Software Data breaches Authentication

Cisco reports vulnerabilities in products including email and web manager

CSO Magazine

JUNE 23, 2022

Cisco has issued alerts for a vulnerability found in its email security and web management products that could allow an authenticated remote actor to retrieve sensitive information from an affected device. This vulnerability is due to a design oversight in the querying process, according to Cisco.

Authentication

Authentication Internet Internet

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

CSO Magazine

JULY 12, 2022

The attack is capable of bypassing multi-factor authentication (MFA) and has targeted over 10,000 organizations since September 2021. According to the FBI's Internet Crime Complaint Center (IC3), BEC attacks have led to over $43 billion in losses between June 2016 and December 2021. To read this article in full, please click here

Phishing

Phishing Accountability Authentication Internet

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

CSO Magazine

DECEMBER 15, 2022

Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an authenticated attacker can exploit for privilege escalation.

InfoSec

InfoSec Authentication Internet Internet

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

CSO Magazine

MAY 3, 2022

Multiple series of network switches manufactured by Aruba Networks, owned by Hewlett Packard Enterprise, and Avaya, owned by Extreme Networks, are vulnerable to attacks that could allow attackers to break network segmentation, exfiltrate data from internal networks to the internet, and escape captive portals.

Manufacturing

Manufacturing Authentication Internet Internet

Exposed VNC instances threatens critical infrastructure as attacks spike

CSO Magazine

AUGUST 16, 2022

According to a blog posting detailing Cyble’s findings , organizations that expose VNCs over the internet by failing to enable authentication broaden the scope for attackers and increase the likelihood of cyber incidents. It detected more than 8,000 exposed VNC instances with authentication disabled.

Cybercrime

Cybercrime Authentication Marketing Risk

How to choose a certificate management tool

CSO Magazine

MAY 19, 2022

These secrets are found all over the IT map, including those for servers, for applications, to encrypt your email messages, for authenticating to connect with IoT devices, to allow you to make edits to a piece of code, and for user identities to have access to a particular shared resource.

Encryption

Encryption IoT Authentication Internet

BrandPost: The Growing Challenges of Certificate Lifecycle Management

CSO Magazine

JANUARY 21, 2022

They are the digital credentials that authenticate the identities of users and machines on the Internet and ensure that the applications, websites, and services that you interact with can be trusted and are indeed what they purport to be.

Authentication

Authentication Internet Internet Technology

How to build a zero trust ecosystem

SC Magazine

MAY 19, 2021

Trusted identities are separate authentication and authorization planes that make up the overall trust of a user, their devices, and their access. James Carder, LogRhythm CSO. Examples of identity types are the user, device, applications, data, network traffic and behaviors.

CISO

CISO CSO Architecture IoT

BrandPost: Zero Trust is Not a SKU – It’s a Journey Well Worth Undertaking

CSO Magazine

OCTOBER 5, 2022

This is particularly prevalent in the marketing of multi-factor authentication (MFA) platforms and endpoint protection (EPP)/endpoint detection and response (EDR) point solutions, but it’s by no means limited to them. The problem is this: you cannot buy zero trust.

Marketing

Marketing Architecture Authentication Internet

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., For starters, the hackers gained access to such a vast number Verkada cameras networks through a compromised “Super Admin” account, whose credentials Kottmann says were found publicly exposed on the internet.

Surveillance

Surveillance IoT Accountability Passwords

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

JULY 8, 2021

Dom Glavach, CSO and chief strategist, CyberSN. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. What many hackers are learning is that much of our web apps are vulnerable and it’s very easy to exploit. Pulitzer Prize-winning business journalist Byron V.

Ransomware

Ransomware Hacking Software Architecture

Cyber Security Informer

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

PHP backdoor attempt shows need for better code authenticity verification

Webinars

Trending Sources

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Webinars

Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws

CISA warns of attacks against internet-connected UPS devices

Episode 250: Window Snyder of Thistle on Making IoT Security Easy

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

BrandPost: What’s Next in Authentication? Passwordless Security

Researchers warn of darkverse emerging from the metaverse

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

Cisco reports vulnerabilities in products including email and web manager

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

Exposed VNC instances threatens critical infrastructure as attacks spike

How to choose a certificate management tool

BrandPost: The Growing Challenges of Certificate Lifecycle Management

How to build a zero trust ecosystem

BrandPost: Zero Trust is Not a SKU – It’s a Journey Well Worth Undertaking

Camera tricks: Privacy concerns raised after massive surveillance cam breach

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

Stay Connected