Free open source testing tools have never been more popular, necessary or front of mind. Recent news coverage of the open source Kayenta suite of canary testing tools launched by Google and Netflix not only demonstrates that industry has an increasing appetite for automated testing, but also that the need for such tools is far more widely accepted. There are a few major pitfalls for the unwary when choosing open source testing tools, perhaps the most important being to be clear about is the difference between ‘free’ tools and open source tools, a distinction that often gets muddied. Indeed, there are legions…
ISBuzz Team
In response to the conversation generated by this cryptomining POC taking advantage of vulnerabilities associated with serverless computing environments, Ori Pekelman, CPO at PaaS provider Platform.sh. commented below. Ori Pekelman, CPO at Platform.sh.: “It should go without saying that remote code execution exploits are bad. And using that to target serverless computing environments for cryptomining is a logical progression for hackers, however there are some cautions with this narrative as an organization that works with these environments on a daily basis. When an attack of this nature, regardless of its objective, happens on platforms that auto-scale with no limits on spending and…
Luke Potter, head of cyber-security practice at SureCloud, explains how standard penetration testing models leave customers in the dark, and what can be done to improve support after exposing an organization’s vulnerabilities Penetration testing (Pen Testing) is a valuable service that let companies know where the vulnerabilities in their systems, applications and processes are. As organizations adopt an increasing number of cloud solutions and services, and as cyber-attacks rise, the demand for pen testing is set to rise at a compound annual growth rate (CAGR) of 13.9% over the next ten years. This is partly driven by the continued threat…
About 115,000 Drupal Sites are still vulnerable to Drupalgeddon 2 that allows hackers to take over sites according to security researcher Troy Mursch. Drupal issued a patch for this vulnerability 2 months ago. Ashley Stephenson, CEO at Corero Network Security commented below. Ashley Stephenson, CEO at Corero Network Security: “With hundreds of alerts and patches to contend with, IT teams are overwhelmed. Evaluating the most serious patches to employ first and understanding the impact of those patches on the rest of the network is a superhuman task. While Drupal is a serious vulnerability, there are also hundreds of other vulnerabilities…
~ However, the majority of IT security decision makers are confident in their own organisation’s cybersecurity recovery strategy ~ Large businesses in the UK could be falling short when it comes to assessing the cybersecurity resilience of external providers within their supply chain network, according to new research. The poll – commissioned by Citrix and carried out by OnePoll – quizzed 750 IT security decision makers in companies with 250 or more employees across the UK, to uncover the extent to which large UK businesses are prepared for cyber-attacks. The research also considered whether businesses are conducting the necessary due diligence when assessing new suppliers,…
88 percent of IT professionals acknowledge the importance of endpoint management, yet 30 percent don’t know how many they have LogMeIn today released findings of a new global report, “Uncovering the Harsh Realities of Endpoint Management: Bridging the gaps in multi-device security” revealing current market trends and business threats driving the need for IT professionals to make endpoint management a priority. The global survey, which polled 1,000 IT professionals across North America and Europe found that while 88 percent of IT respondents acknowledge the importance of endpoint management, nearly one third don’t know how many endpoints they manage. Data from the…
Following the news that ancestry site MyHeritage has been breached, potentially exposing the data, and in some cases the DNA details, of 92 million users, IT security experts commented below. David Emm, Principal Security Researcher at Kaspersky Lab: News of a data breach is a daily reality today. But it’s rarer to hear news of a breach where the company in question is on the front foot and has proactively shared information with the public, which will ultimately lead to the collateral damage being reduced. Yesterday the news broke that ancestry site MyHeritage had been breached, potentially leaving the details of 92 million global…
Samantha Humphries provides an insight below on the incident that 92 million MyHeritage user accounts have been compromised discussing the incident and how GDPR now comes into play for data breaches. According to reports, the genealogy website and DNA testing service suffered a data breach where the email addresses and hashed passwords of its customer database were found on a private server. Samantha Humphries, Senior Product Marketing Manager, Global Markets & Compliance at Rapid7: “MyHeritage’s disclosure of the breach is a prime example of both how to effectively communicate an incident and in what timeframe. GDPR does necessitate that an organisation disclose a breach within 72 hours of being alerted…
Microsoft announced yesterday that it is buying the code-sharing site GitHub, a developer-focused startup that has become a crucial part of the programming industry, for $7.5bn. Patrick Carey, Director of Security Strategy at Black Duck by Synopsys commented below. Patrick Carey, Director of Security Strategy at Black Duck by Synopsys: “This is tremendously good news for open source, and perhaps the single most significant validation conceivable that open source IS the mainstream for software development. Microsoft has always been focused on the needs of the developer and this acquisition is consistent with that focus. It may seem remarkable that Microsoft, once considered the arch…
Ancestry.com now holds the genetic code of more than five million people — the largest private database of DNA in corporate history. The firm says it has state-of-the-art security systems in place to prevent hacking and security breaches of its genetic database. However, a three-month investigation has uncovered a pattern of ‘breached promises to customers’ and security concerns, according to a news report in today’s Daily Mail. Last year, cyber criminals managed to infiltrate RootsWeb, which is owned and operated by Ancestry. The hackers stole the login details of aorund 55,000 Ancestry customers who used the same email and password combination on RootsWeb.…
