Strange But True Application Security Failures [INFOGRAPHIC]

| March 15, 2017

article image
Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome of the U.S. presidential election, and the alleged cyberattacks by Russia. Beyond hacked emails and "fake news," at least two states had their voter databases breached, most likely through a SQL injection vulnerability, a disturbingly common web application security failure.

Spotlight

Banff Cyber Technologies Pte Ltd

Banff Cyber Technologies is a provider of cybersecurity solutions for all enterprises. With a focus on web, logs and cloud security, Banff Cyber has carved a niche for itself through the creation of the WebOrion™ Security Platform(WSP), a set of core technologies designed and built to deal with the latest cyber threats. It is made up of patent pending components such as our Content, Integrity and Image Analytics Engines, Secure Replica Creation engines, high speed WAF engines and next generation machine learning and security analytics engines. WebOrion™ is currently offered as both WebOrion™ Enterprise and WebOrion™ Business.

OTHER ARTICLES

Progress Is the Promise in National Cybersecurity Strategy

Article | March 23, 2020

How can progress be measured when it comes to shifts in national security strategy and practice? Several assessment variables might include changes in official national guidance, legal authorities, types of campaigns or operations, lexicon used in national security discourse, and early results of the application of those changes. Since 2016, with the introduction of the construct of persistent engagement and the subsequent development of defend forward, all these variables have changed in a positive manner.

Read More

Cybersecurity in the Time of COVID-19

Article | March 30, 2020

A decade ago, Stuxnet pulled me into the accelerating, widening gyre of cybersecurity. I began to devote less time to global health, a topic on which I spent the previous decade developing familiarity and producing a large carbon footprint. I would frown when cybersecurity analysis borrowed concepts from public health, thinking, “if they only knew the life-and-death troubles that health practitioners face implementing those concepts.” Cybersecurity and public health are different challenges. Yet, the COVID-19 pandemic has cybersecurity relevance because it has generated sobering reminders of long-standing problems, unresolved controversies, and unheeded warnings that continue to characterize U.S. cybersecurity.

Read More

Best Cybersecurity Tips for Remote Workers

Article | June 21, 2021

Remote working and cybersecurity risks, unfortunately, go hand in hand. As the COVID-19 pandemic appears to be far from over, cyber threats to individuals and businesses continue to loom large. The only solution at the moment is to invest in robust technology solutions that protect your network and to train employees in cybersecurity so that they develop healthy remote working practices. If you allow a bulk of your employees to work remotely, it is important to adopt a few basic habits to protect your devices and your business network from cyber criminals. Here’s a quick look at a few basic tips for remote workers that can go a long way in enhancing the overall security posture of your organisation. Passwords provide the first line of defense against unauthorized access to your devices and personal information. By creating a strong, unique password, you increase protection levels tremendously. You make it more challenging for cybercriminals to gain access and disrupt your systems networks. Rule number two is never to ignore those little pop-up windows that tell you that software updates are available for your device. Once you get such a notification, be sure to install the latest software as soon as possible. Timely software updates (including antivirus updates) help patch security flaws and safeguard the computer system. Are you busy with your work and don’t like to be distracted by such notifications? We highly suggest you encourage your employees to select auto-update for software on both mobile devices and computers. It will help you and your staff to prevent problems caused by delayed system updates.

Read More

EMAIL SECURITY CONCEPTS THAT NEED TO BE IN YOUR EMAIL INFOSEC POLICY

Article | June 16, 2021

Compliance requirements have become more complex because of the continual evolution of security threats and vulnerabilities. Many organizations fail to create an extensive security program to cover their challenges. Emails are one of the most susceptible channels for cyber-criminals to operate. This is why every organization must pay keen attention to email security policies in cybersecurity. Because emails are prone to cyberattacks, enterprises and individuals must take critical measures to secure their email accounts against unauthorized access. Malicious actors use phishing to trick recipients into sharing sensitive information, either by impersonating trusted contacts or legitimate business owners. Email is still one of the most vulnerable avenues for hackers and cyber crooks. Here are the critical email security concepts that need inclusion into your information security policy.

Read More

Spotlight

Banff Cyber Technologies Pte Ltd

Banff Cyber Technologies is a provider of cybersecurity solutions for all enterprises. With a focus on web, logs and cloud security, Banff Cyber has carved a niche for itself through the creation of the WebOrion™ Security Platform(WSP), a set of core technologies designed and built to deal with the latest cyber threats. It is made up of patent pending components such as our Content, Integrity and Image Analytics Engines, Secure Replica Creation engines, high speed WAF engines and next generation machine learning and security analytics engines. WebOrion™ is currently offered as both WebOrion™ Enterprise and WebOrion™ Business.

Events