

Football fans will remember that in July 2020, the theft of nearly £1m from a Premier League football club was narrowly avoided. Before that, in February 2020, a misconfigured application leaked information from the Brazilian ticketing company Futebol Card. The latest news about West Ham is hardly surprising. We will only see these headlines go away when all software deployments are done with security in mind. When organizations of all types have a security-first mindset, we will no longer read
.....Read More
A website for COVID test results in West Bengal in India is apparently missing access control, such that anyone can view results for anyone else. Like most software, this application was probably built as quickly as possible with functionality being its only goal. We will stop seeing these kinds of headlines only when development teams include security at every phase of development. In this case, about ten minutes of threat modeling during the application’s design would have made
.....Read More
In this

The Number:Jack
Unfortunately, computers are not good at being unpredictable. “Random” numbers in computers are almost always created by a pseudo-random number generator (PRNG), an algorithm that produces a deterministic sequence of numbers. The PRNG can be seeded with something truly
.....Read More
.....Read More
Like every other critical infrastructure sector, healthcare is deeply dependent on software. From the tiniest devices to the largest medical record systems, software offers attackers an asymmetric advantage to damage the confidentiality, integrity, and availability of data and equipment.
The recent rash of ransomware attacks should convince any healthcare organisation that a proactive approach to software security is not a luxury but a necessity. Organisations that wish to reduce risk use a
.....Read More
Recently, researchers discovered that the privilege escalation vulnerability CVE-2021-3156, also known as Baron Samedit, affects macOS, including the latest available version. By itself, a privilege escalation vulnerability might not be especially dangerous for most users. It could only be exploited if an attacker already has access to your computer, either locally or through a remote shell.
Chained together with one or more other exploits, however, the risk of CVE-2021-3156 could
.....Read More
Admitting that a problem exists is the first step in overcoming that problem. The World Economic Forum ranks cybersecurity failure as the fourth most pressing “clear and present danger” to the global economy. Managing cybersecurity requires organisations of all types and sizes to address cybersecurity directly. Organisations that use software (basically everyone) should put policies and processes in place to minimise risk and protect data. Organisations that build software must make security an
.....Read More
Software is the critical infrastructure that supports organisations of all types. Cybersecurity is important for every organisation, whether they know it or not.
The recent vulnerability found in the United Nations technology infrastructure shows just how easy it is to accidentally expose a large volume of sensitive data. Like any other organisation, the UN needs a top-down approach to cybersecurity, with defined policies for protecting assets and established processes for publishing
.....Read More
