The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due...
Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...
Navigating the perilous waters of conference invitations
TL;DR: Being asked to speak at events is great … except when it looks like a scam or a phishing attempt. This is a walkthrough of my experience. If you think it's a scam, it probably is. It's a typical Sunday evening, and as I'm gearing up for the week ahead, an interesting email lands in my inbox. The...
Advice for manufacturers on the coming PSTI regulation
TL;DR: PSTI, the UK Product Security and Telecommunications Infrastructure (Product Security) Act Regulations, is effective from 29 April 2024; assess how, where, why, and when you may be affected; review supply chain and in-house teams for compliance readiness; specific obligations for manufacturers,...
Diligere, Equity-Invest Are New Firms of U.K. Con Man
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest.ch, and...
FBI Alert: Crypto Scammers are Masquerading as NFT Developers
The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer...
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State Department of Financial Services. The fines come at the end of a detailed investigation that found the company's security practices to be below par,...
GHSA-G6PW-999W-J75M ELF header parsing library doesn't check for valid offset
The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn section_header_raw(&self) -> &ET::SectionHeader { let shoff = self.elf_header.section_header_offset as usize; let shnum = self.elf_header.section_header_entry_num as usize;...
Maritime regulation. All Hands-on Deck!
TL;DR: The regulation from the IMO has changed; you need to do more about cyber security. Key things to focus on: start asking questions of your supply chain and of your own IT and OT teams; assess the security configuration per vessel, as each one is different; use Critical National Infrastructure controls...
A little actually doesn’t go a long way: Fight the urge to shortcut your TPRM program
Third Party Risk Management (TPRM) is hard to get right. TPRM is ineffective when 83% of legal and compliance leaders identify third-party risks only after due diligence, despite spending 73% of their effort on due diligence. This is supported by 49% of business leaders saying they lack a centralized strategy...
4 Cloud Data Security Best Practices All Businesses Should Follow Today
These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're...
Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M
September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies, who has fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips...
Who is Tech Investor John Bernard?
John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to hi...
Due Diligence That Money Can’t Buy
Most of us automatically put our guard up when someone we don't know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here's the story of how companies searching for investors to believe in their ideas can r...
Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach
After issuing British Airways a record £183 million fine earlier this week, the UK's data privacy regulator is now planning to slap the world's biggest hotel chain, Marriott International, with a £99 million ($123 million) fine under GDPR over a 2014 data breach. This is the second major penalty...
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The U.K.'s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner's Office (ICO) and comes only a day after the organization...
Super-systemic IoT flaws
IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected car leads to problems with ALL the connected cars using that same system. That led to incidents such as the Mirai botnet...
Mergers, Acquisitions, and Malware?
Every year, tens of thousands of mergers and acquisitions (M&A) take place across every industry and vertical. In fact, "In 2017, companies announced over 50,600 transactions with a total value of more than 3.5 trillion USD."1 Not only is M&A complex from a business sense, it also brings the...
Cloud-focused Firms Earn High Marks for Software Security in BSIMM8 Report
Companies pushing the cloud envelope are most likely to run safer, cleaner code. On the flip side, as the healthcare industry embraces an increasingly software-driven business model, it is struggling to keep up with its peers when it comes to software security. Those are some of the takeaways from...