Russia’s cyber future connected at the waist to Soviet military industrial complex

The Center for European Policy Analysis (CEPA) recently published a 38-page study, Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities, by two esteemed researchers, Irina Borogan and Andrei Soldatov. The opening premise is that Russia has not demonstrated its cyber warfare adroitness in support of its invasion of Ukraine. Whether the Russians tried and their efforts failed because of the capabilities of Ukraine’s cyber defenders, or because leadership meddling disrupted the execution strategies of the professional cyber warriors, hasn’t yet been revealed. What is evident is that the Ukraine example has called into question the view that the Russian playbook is technologically focused, and it suggests that the political quotient is much more in play than perhaps previously suggested.

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

Software supply chain attacks are on the rise, as cited in the Cloud Native Computing Foundation’s (CNCF’s) Catalog of Supply Chain Compromises. Industry leaders such as Google, the Linux Foundation, and OpenSSF, and public sector organizations such as NIST, have provided guidance on the topic over the past year or so.

The U.S. National Security Agency (NSA), alongside the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI), now joins that list with the publication Securing the Software Supply Chain: Recommended Practices Guide for Developers. The announcement of the publication emphasizes the role developers play in creating secure software and states that the guide strives to help developers adopt government and industry recommendations on doing so. Subsequent releases from the Enduring Security Framework (ESF) will focus on the supplier and the software consumer, given the unique role each plays in the broader software supply chain and its resilience.

Smashing Security podcast #289: Printer peeves, health data hangups, and Twitter tussles – with Rory Cellan-Jones

How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight? All this and much more is discussed in the latest edition of the award-winning …

CVE-2018-25047

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.

CVE-2020-36603

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.

Excess privilege in the cloud is a universal security problem, IBM says

Excess privilege granted to cloud identities is a key component in 99% of all security tests performed by IBM’s X-Force Red penetration testing team, according to a report released Wednesday by the company.

Both human users and service accounts were consistently found to have more access rights and privileges than they generally need, which makes exploiting a successful breach in a cloud system much easier than it would otherwise be, the report said.

“This setup enabled attackers who managed to get a foothold in the environment to pivot and move laterally to exploit additional cloud components or assets,” according to the report.

That’s bad news for the cloud sector, which also saw a 200% increase in the number of compromised accounts being sold on the dark web, and an increase in the average severity score of vulnerabilities found in cloud systems, IBM said. That severity score, which is based on CVSS, rose to an average of 18 in the latest report, up from 15 ten years ago.
