GitGuardian adds IaC scanning to code security platform to protect SDLC

GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a growing industry focus on improving the cybersecurity of software development processes to help better protect widely used resources and supply chains from cyberthreats.

Initial IaC focus on Terraform and AWS, Azure and Google Cloud to follow

In a press release, GitGuardian stated that, while software-defined infrastructure unlocks speed and consistency for engineering teams, it is still fraught with risks. Gartner predicts that at least 99% of cloud security failures will be due to user fault and misconfigurations by 2023. Such errors propagate from code to cloud-native environments, exposing critical workloads and resources on the way, it added.

Qatar Spyware

Everyone visiting Qatar for the World Cup needs to install spyware on their phone.

Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya.

Briefly, Ehteraz is a covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.

In particular, the covid-19 app Ehteraz asks for access to several rights on your mobile, like access to read, delete or change all content on the phone, as well as access to connect to WiFi and Bluetooth, override other apps and prevent the phone from switching off to sleep mode.

The Ehteraz app, which everyone over 18 coming to Qatar must download, also gets a number of other accesses such as an overview of your exact location, the ability to make direct calls via your phone and the ability to disable your screen lock.

The Hayya app does not ask for as much, but also has a number of critical aspects. Among other things, the app asks for access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to determine the phone’s exact location, prevent the device from going into sleep mode, and view the phone’s network connections.

Despite what the article says, I don’t know how mandatory this actually is. I know people who visited Saudi Arabia when that country had a similarly sketchy app requirement. Some of them just didn’t bother downloading the apps, and were never asked about it at the border.

Halloween feature: Cheat codes for Cybersecurity and preventing kids from being “tricked”

This guest blog was written by an independent guest blogger. He is a high school freshman with some fresh perspective.

October and Halloween are both fun and scary, just like cyberspace. Cyber Security Awareness Month is an excellent time for grown-ups to discuss cyber safety with us. It takes an informed cyber village to help raise savvy cyber kids, and I believe introducing cyber literacy to kids of all ages is increasingly critical. Today, every household is filled with connected devices, and I hope this information will help with better digital decision-making by kids.

After eighteen months of virtual schooling, using various digital devices has become second nature. In addition, our virtual collaboration with others via these devices has also increased. Games are not the only way we interact with digital devices anymore.

I crave my digital privacy just as much as every other high schooler. However, I have learned it is vital to know how to stay private online. I recently learned that things like having a clean credit history make me an easy target for identity theft (identity theft occurs when someone uses another person’s personal identifying information, like their name, identifying number, or credit card number, without their permission), and this knowledge made my Halloween trickier without any treats.

It’s never too soon to establish cybersecurity ground rules. Kids can soak up basic cybersecurity skills as rapidly as they pick up new technologies; grown-ups owe it to them to make that possible.

Below are some easy ground rules for grown-ups to share about cyber “stranger danger” with their kids.

An exception to the rule of Sharing is Caring:

It is easy to succumb to oversharing on the Internet, especially on social media. Be careful about divulging personal information such as your school names, team names, home addresses, and telephone numbers. Are these also answers to your secret question when you set passwords? Read more about that below.

Be on guard for Phishing:

No, this is not what you do with your parents on a nice day by the lake. “Phishing” is a popular way tricksters get information about you by baiting you. Someone might send you an email offering you a free toy or game, and when you click on the link, they take you to a webpage that infects your computer with something nasty. Or it asks for information that lets them pretend to be you on the Internet.

Maybe they know you like dogs or kittens, so they send you a picture of a dog or kitten as an attachment, and they hide the nasty thing in the picture file, so when you open it, your computer gets infected. How confidently can you spot bait? Ever click on an unfamiliar link and instantly regret it? You’re not alone, and it happens every day. Tricksters go “phishing” and bait us into revealing our personal information to steal our data, money, or identity.

Don’t be click happy:

When you unknowingly click on a link or visit a shady website, you open your door to let the trickster in, where they can either plant harmful code that automatically steals your information or lock you out of your games unless you pay a million V bucks. Whether it is a link in a text message, a pop-up that lures you into clicking it, or a social media link that asks you for information to help enter a raffle or appeals to you as a sports fan, take a breath. Do you trust this link? Think about the 5 Ws: who, what, when, where, and why.

Be cautious. When something is too good to be true, it is usually not good! Trust your source.

Don’t default to the default:

Change the default password if you have a device you will connect to the Internet. A device is not just your phone or laptop; everything from your Internet router, gaming devices, TVs, and home thermostats, to Wi-Fi, is included.

What does a strong password look like? Use a phrase instead of a word. “Passphrases” are easy to remember but difficult to guess. If the field allows, use spaces as special characters for added strength, making the phrase easier to type. Longer is stronger. The best passwords are at least ten characters in length and include some capitalization and punctuation. Typing the passphrase becomes a habit (usually within a few days).

Some examples of a strong passphrase include a strategy of misspelling, a nursery rhyme, a movie quote, or song lyrics with a twist.

Merging of the real and digital world:

As teachers incorporate more online educational tools into their curricula and parents permit children to play with online apps, they should simultaneously teach students of all ages basic cybersecurity skills and encourage them to become cyber aware. Just as Drivers Education and Financial Literacy are essential elements taught at high school to help equip us as adults, being cyber intelligent, savvy, and safe is also a skill that should be part of the curriculum. Kids should be prepared to protect themselves from cyber threats, just like they look both ways before crossing the street or taking candy from strangers.

Here are some excellent resources for you to try

NJCCIC E-Learning For Kids

CyberSprinters – NCSC.GOV.UK

We the Digital Citizens | Common Sense Education

My favorite “Cheat codes”

☐  I avoid using the same password for different accounts

☐  I change my passwords regularly

☐  My passwords are at least ten characters long (and ideally longer)

☐  My passwords involve a mix of upper- and lower-case letters plus symbols and numbers

☐ My passwords avoid the obvious – such as using sequential numbers (“1234”) or personal information that someone who knows me might guess, such as my date of birth or a pet’s name

☐  I change the default passwords on my connected devices, including Wi-Fi routers and gaming consoles

☐  I avoid writing my passwords down or sharing them with others

☐  I avoid clicking on suspicious links or links I am not sure of

☐  I avoid opening emails that look suspicious, as well as any attachments

☐ I don’t respond to or click on pop-up windows on my phone or computer.

☐  I avoid downloading suspicious attachments from emails or text messages I am not expecting

☐  I don’t click on ads that promise free money, prizes, or discounts

☐  I am wary of strange or unexpected messages, even from people I know

☐  I don’t use personal usernames (gamertags) and avoid usernames and gamertags that can reveal my identity

☐  I don’t answer personal questions when using a text or voice chat during a gaming session online

I hope this handy list of cheat codes helps strengthen your cyber defense. And remember, a click is all it takes to turn a cyber threat into a cyber-attack. And Happy Halloween! More treats, less tricks!

Altruism under attack: why cybersecurity has become essential to humanitarian nonprofits

Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia’s invasion of Ukraine, and some of the largest rises in living costs for decades have all brought new urgency to the vital support humanitarian work (often led by nonprofits) provides those in need.

However, nonprofits engaging in humanitarian efforts are finding themselves faced with increasing cybersecurity risks and challenges that threaten their ability to provide relief successfully, safely, and securely. As a result, cybersecurity is increasingly playing a vital role in the future of the nonprofit-led humanitarian landscape.
