Improving cybersecurity maturity can be a struggle for organizations at every level as the industry collectively grapples with skills shortages and a complex threat landscape. Building a mature development organization can strengthen overall security.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
An SMS phishing attack compromised cloud communications giant Twilio, leaking customer data and targeted content delivery network provider Cloudflare. Twilio says the data breach impacted at least 125 customers.
The Cisco network breach was traced back to an employee's personal Google account. It was protected by multi-factor authentication (MFA), but the attacker tried a number of different voice phishing attempts.
There’s a cybersecurity workforce gap. Adopt the Ted Lasso approach and shift from focusing on hiring security specialists to instead recruiting leaders and coaches to help bridge the DevSecOps divide that keeps development and security from seeing eye to eye.
The FCC warned about increased robotext scams from automated smishing attacks stealing personal information by impersonating known companies such as credit card companies, parcel delivery services, and law enforcement agencies.
The problem stems from developers failing to remove the Twitter API keys they use for authentication from the app before they release it to the public. This creates the possibility of account hijacking.
For connected medical devices, cyberattacks are a massive threat to patient safety. As BLE connectivity for IoMT devices becomes more prevalent, protocol fuzzing validation will become even more critical in maintaining patient safety and trust in advancing technologies.
A cybersecurity startup Buguard said hackers used malware to steal passwords for Wiseasy's remote control dashboards to compromise payment terminals worldwide. Hackers could control payment terminals, install and remove apps, access personal information, and make configuration changes using the remote control dashboards.
Security researchers have found over 35,000 code repositories with malicious forks or clones leading back to a single source. Malware in the tainted code repositories is designed to steal environment variables, stored elements that serve as authentication for various online services.
An attacker could use a vulnerability to issue fake alerts via the Emergency Alert Systems. The vulnerable software is in the possession of television and radio stations throughout the country, who are being called upon to download a software update.










