
Sierra Wireless claims that they don’t currently believe that any customer services or products have been affected, but given the recent SolarWinds-based supply-chain compromise, I urge both Sierra and their customers to closely review software and firmware to ensure that no malicious alterations have been introduced by the attackers. Even if there is no reason to believe that such access would have been possible, the scale of devices Sierra Wireless manufactures warrants a thorough review to
This breach continues to demonstrate that while you can outsource your security, you cannot outsource risk. It doesn’t matter if a third party is to blame for a security breach, the reality is that the data that your users have entrusted you with has been compromised. Organizations must adopt a culture of security that includes carefully vetting the processes and procedures of vendors and contractors who have access to sensitive data and systems.

An alarming number of mobile apps are developed by novice coders or outsourced third parties with little to no forethought around security. Worse, there is almost no way for the average user to verify the safety of the apps they use. In general, large companies tend to have better security practices in app development and testing, but it’s unfortunately not a guarantee. Developers looking to ensure the security of their users should prefer to leverage functionality built into the mobile
High-profile organisations like CD Projekt Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Projekt Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer
A best practice is not to store and hold large amounts of funds in hot wallets on exchanges but rather transfer to either a cold hardware wallet (that has appropriate recovery codes set and stored securely) or to a standard bank account as the case may be on completion of the exchange transaction. This seeks to reduce personal exposure and loss in case of an exchange compromise.





