Expert(s):
Senior Vice Presidentfeature_status*/ ?>
comforte AG

Comments Dotted : 10
February 05, 2021

New Malware Hijacks Kubernetes Clusters To Mine Monero – Experts Insight
Kubernetes is extremely powerful and a new foundation of IT strategy.

Kubernetes is extremely powerful and a new foundation of IT strategy, but not immune from malware, vulnerability and exploitation. Indeed, the dynamics, agility and scale that make it attractive to run scaled workloads at a moment’s notice also make it an attractive target for exploitation. While many attacks to date have focused on cryptomining, with the growing utilization of Kubernetes across industry, it will continue to be a focus of attack. The nature of this malware evidences that

.....Read More

Kubernetes is extremely powerful and a new foundation of IT strategy, but not immune from malware, vulnerability and exploitation. Indeed, the dynamics, agility and scale that make it attractive to run scaled workloads at a moment’s notice also make it an attractive target for exploitation. While many attacks to date have focused on cryptomining, with the growing utilization of Kubernetes across industry, it will continue to be a focus of attack. The nature of this malware evidences that managing risk when running kubernetes applications has to go beyond dependence on the bare minimum infrastructure level controls like TLS and container encryption, and shift to data-centric security for sensitive personal data. This has proven highly effective over the last decade, with new techniques like stateless data tokenization taking strategic prominence with industry leading enterprises. The good news is this available for cloud-native/kubernetes ecosystems today and ready to mitigate threats while letting enterprises get on with digital transformation at full throttle without breach risks getting in the way.

  Read Less
January 07, 2021

Security Experts Insight On Nissan Source Code Leaked
onnected systems at the edge, including automotive components, are not always simple to update at a firmware level.

Modern connected cars with convenient features like remote unlock, remote start require at least a 4 digit PIN to do it and strong authentication to use them. It’s curious then why the alleged source code repository for the backend and front-end for this technology wasn’t protected with an equally bare minimum security method. This is a classic example of the security being only as good as the weakest link – most likely in this case down to both human error and lack of process for risk

.....Read More

Modern connected cars with convenient features like remote unlock, remote start require at least a 4 digit PIN to do it and strong authentication to use them. It’s curious then why the alleged source code repository for the backend and front-end for this technology wasn’t protected with an equally bare minimum security method. This is a classic example of the security being only as good as the weakest link – most likely in this case down to both human error and lack of process for risk scanning of critical infrastructure for vulnerable credentials and effective data security”.

The recent Solarwinds situation should have prompted organisations across industry to be revisit their supply chain security, data security and authentication as a matter of priority – including any internet facing or cloud components. Access to code for potential core IoT/connected car applications opens up a raft of potential vulnerability exploits for attackers, if the claims of the full source code dump circulating on twitter are indeed true. Connected systems at the edge, including automotive components, are not always simple to update at a firmware level to address new threats, requiring dealership processes. This means any discovered exploits such as vulnerable TCP/IP stacks, credential management and offline authentication methods in the connected path to the vehicle’s bevvy of connected devices may indeed become targets for attacker analysis and compromise, made easier with access to source code.

  Read Less
December 11, 2020

Payments Processor TSYS Ransomware Attack – Expert Comment
Data processors and payment organizations at the heart of entire industries are always on the radar of attackers.
Data processors and payment organizations at the heart of entire industries are always on the radar of attackers. The high volumes of third-party data make them very attractive – both for the data they handle themselves and the data they have been entrusted with. Historically, they have also been entities where an attack to the administrative side has led to subsequent and secondary breaches of core processing platforms from attackers using data in emails, files, and databases. While so.....Read More
Data processors and payment organizations at the heart of entire industries are always on the radar of attackers. The high volumes of third-party data make them very attractive – both for the data they handle themselves and the data they have been entrusted with. Historically, they have also been entities where an attack to the administrative side has led to subsequent and secondary breaches of core processing platforms from attackers using data in emails, files, and databases. While so far, the good news is the core processing systems have not been impacted, likely from a modern data-centric approach to protecting it that’s common in leading payment processors, the bottom line is that this sends a clear reminder to any organization in the scaled data collection and processing business to ensure data security is implemented end-to-end, or made a top priority for the next year as we collect, store and process more sensitive data than ever. Privacy and security regulations are clearly motivation, but having gigabytes of sensitive data leaked can quickly morph into an uncontainable nightmare with equally uncontained cost impact without it.  Read Less
December 02, 2020

Expert Insight: Docker Malware Is Now Common – Devs Need To React Accordingly
To thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital.
Platforms like Kubernetes enable immense application delivery power. However, the built-in security controls reflect classical data-at-rest and transport encryption, perimeter, and access control based security. While these controls are important, the last decade has seen leading enterprises and data processors shift towards data-centric over perimeter controls to combat advanced malware, ransomware, and insider risk to sensitive data. Fundamentally, to thwart the variations of malware and.....Read More
Platforms like Kubernetes enable immense application delivery power. However, the built-in security controls reflect classical data-at-rest and transport encryption, perimeter, and access control based security. While these controls are important, the last decade has seen leading enterprises and data processors shift towards data-centric over perimeter controls to combat advanced malware, ransomware, and insider risk to sensitive data. Fundamentally, to thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital even with advanced container and app orchestration ecosystems to avoid data compromise or attacks that can create havoc for data-hungry enterprises depending on them.  Read Less
November 20, 2020

Experts On New Grelos Skimmer Variant Reveals Overlap in Magecart Activities
The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers.
The shift to increasingly online merchant transformation as a result of the pandemic combined with consumers embracing potentially new retailers for out-of-stock items as we enter the holiday season creates the dual-edge sword of retail business growth and increased attack opportunity for criminal groups. The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers that steal data on web form entry along with more deeply penetrating malware and.....Read More
The shift to increasingly online merchant transformation as a result of the pandemic combined with consumers embracing potentially new retailers for out-of-stock items as we enter the holiday season creates the dual-edge sword of retail business growth and increased attack opportunity for criminal groups. The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers that steal data on web form entry along with more deeply penetrating malware and ransomware to attack and disrupt the merchant data supply-chain to steal PII, financial, and credit card data. The solution has to be the one-two punch of integrity checking on web sites on a continuous basis to knock out rogue javascript injection, and end to end data protection beyond the web front-end using proven technology including tokenization to render sensitive data useless at the earliest capture point. This potent combination will mitigate these threats and disrupt the attackers own theft-to-darkweb retail business.  Read Less
October 20, 2020

What Experts Say On EU Investigating Instagram Over Child Data Violations
Vendors have the utmost responsibility for compliance and transparency.
For obvious reasons, children’s data collection and protection have very specific handling in many jurisdictions and called out in GDPR very specifically. While a data protection regulator is no substitute for parenting and education to ensure children begin to understand how their data is eventually used, vendors have the utmost responsibility for compliance and transparency. In GDPR Article 8, the consent requirements, age limitations, and responsibilities are very clear, especially around.....Read More
For obvious reasons, children’s data collection and protection have very specific handling in many jurisdictions and called out in GDPR very specifically. While a data protection regulator is no substitute for parenting and education to ensure children begin to understand how their data is eventually used, vendors have the utmost responsibility for compliance and transparency. In GDPR Article 8, the consent requirements, age limitations, and responsibilities are very clear, especially around consent. The fact that a data scientist has discovered trivial data exposure of what appears to be vulnerable minors in data collection applications is alarming if true. This is especially a concern given that it is also equally simple these days to de-identify, mask, or secure it and thus there are few excuses not to comply. In a world of attacks, data theft, and misuse, privacy and security has to be a first priority, especially the data of our next generation’s citizens.  Read Less
October 16, 2020

Experts Insight On Barnes & Noble Hack
Organisations have an increasing obligation to their customers to secure a lot more than just the minimum.
We’ve seen a repeating pattern in recent scaled breaches like this case – partial protection of sensitive data perhaps for compliance, but not the full gamut within the scope of customer data privacy and trust responsibility. Fundamentally, organisations have an increasing obligation to their customers to secure a lot more than just the minimum. Privacy regulations like CCPA are transferring increasing data rights to citizens over data management and security, and today, business leaders.....Read More
We’ve seen a repeating pattern in recent scaled breaches like this case – partial protection of sensitive data perhaps for compliance, but not the full gamut within the scope of customer data privacy and trust responsibility. Fundamentally, organisations have an increasing obligation to their customers to secure a lot more than just the minimum. Privacy regulations like CCPA are transferring increasing data rights to citizens over data management and security, and today, business leaders have to consider personal data as a trusted donation, not just data acquisition. The challenge for CISO’s is balancing data use, security, and data privacy in equal measures. Technologies like tokenisation, particularly those suited to agile and scaled use, help avoid data breaches while preserving analytic utility in data. As such, this technology has to prioritised for investment as a foundation for risk-reduced digital transformation and cloud migration  Read Less
August 28, 2020

Details on over 350,000 SSL247 customers exposed due to misconfigured AWS bucket
The cloud itself represents the ultimate 3rd party risk.
The cloud itself represents the ultimate 3rd party risk, and minimum viable compliance is proven yet again to be nowhere close enough to minimum viable security. The twist is that the shared responsibility model for the cloud puts 100% the responsibility on the data owner when they are responsible to secure, configure, and control the cloud they are using. This is a classic and preventable case of breakdown - assuming the cloud’s controls are in place or sufficient, and illustrating the weak.....Read More
The cloud itself represents the ultimate 3rd party risk, and minimum viable compliance is proven yet again to be nowhere close enough to minimum viable security. The twist is that the shared responsibility model for the cloud puts 100% the responsibility on the data owner when they are responsible to secure, configure, and control the cloud they are using. This is a classic and preventable case of breakdown - assuming the cloud’s controls are in place or sufficient, and illustrating the weak reliance on checklists and humans to enforce them. So many organizations rely on risk assessments instead of hard, proven controls like encryption and tokenization of data. The former may meet a policy, but only the latter will stop data theft when misconfiguration, attack, or error leaves data exposed.  Read Less
August 19, 2020

Experts Reaction On Discovery Of Over 2.5M Medical Records Publicly available
Organizations must at least operate under a HIPAA Business Associate Agreement with the data provider
Sensitive insurance claims processing data, which looks to be in the data in question, is regulated under HIPAA, GLBA, and various state security and privacy mandates in the US. Yet clearly, this data interchange lacked any data security to meet such rules. To receive such information, organizations must at least operate under a HIPAA Business Associate Agreement with the data provider. The BAA outlines mandatory data security controls including data de-identification, encryption, and audit......Read More
Sensitive insurance claims processing data, which looks to be in the data in question, is regulated under HIPAA, GLBA, and various state security and privacy mandates in the US. Yet clearly, this data interchange lacked any data security to meet such rules. To receive such information, organizations must at least operate under a HIPAA Business Associate Agreement with the data provider. The BAA outlines mandatory data security controls including data de-identification, encryption, and audit. While the benefits of third-party AI services are clear, to avoid breaches like this, the data owner as well as the AI service should also consider protecting the data set before sharing and use, for example, with modern data-centric tokenization. This technology balances insight and utility with exposure risk, enabling insight and use of data in low-trust IT. In this case, there’s likely to be significant regulatory response cost which could have been avoided with some very low cost and simple data-security investments that pale in comparison to the cost of remediation.  Read Less
July 23, 2020

Twilio’s SDK Compromised by Attackers – Expert Reaction
Compromise of common cloud security infrastructure is a jewel in the crown for any attacker.
Compromise of common cloud security infrastructure is a jewel in the crown for any attacker given the scope of influence over dependent enterprises and broadly deployed mobile applications alike. Storage configuration, SDK and API attacks are an increasingly exploited vectors that can lead to misdirection, malware injection, manipulation and theft of data. While malvertising was the initial endgame here, that in itself can lead to compromise of end user platforms and secondary data theft. Given .....Read More
Compromise of common cloud security infrastructure is a jewel in the crown for any attacker given the scope of influence over dependent enterprises and broadly deployed mobile applications alike. Storage configuration, SDK and API attacks are an increasingly exploited vectors that can lead to misdirection, malware injection, manipulation and theft of data. While malvertising was the initial endgame here, that in itself can lead to compromise of end user platforms and secondary data theft. Given the increasing dependency and complexity of cloud applications and platforms, human error will have increasing impact and data breach ramifications with further adoption, signaling the need for new approaches to secure data at risk from simple, yet easy to make, mistakes on a more robust level.  Read Less