10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
The baby upchucks. The dog loudly informs you that she’s detected a budding squirrel armageddon. Your department’s Zoom meeting starts in four minutes. The Bank of Fezziwig texts: If you haven’t enabled online banking, click here.
What. Do. You. DO?!?
It doesn’t matter that you’ve been working remotely since circa P.P. – that’s Pre-Pandemic times. Now, your spouse is underfoot, your kids are bouncing off the walls of your quote-unquote office, you haven’t had coffee, and you’re pretty sure you don’t even have an account at B of F, so you better just click that link and get the thing off your phone and out of your face.
(Brought to you by SpecOps. Underwriters of Threatpost podcasts do not assert any editorial control over content.)
Wrong answer! You’ve been smished by an attacker who sent a malicious link via SMS.
Two years into the pandemic, remote work has become common, but securing data is just as tough as it’s always been. You don’t have to look far to see tales of human error leading to cyber malfeasance: The human factor is at the base of most cyberattacks, from the employees who fall for business email compromise (BEC) attacks to whoever forgot to shut down that no-longer-used VPN account that attackers used to launch the calamitous Colonial Pipeline ransomware attack.
Mark Loveless is a staff security researcher at GitLab, maker of the web-based Git repository. He’s an expert at securing data when you’ve got a remote, oftentimes frantically distracted workforce. After all, as GitLab puts it, it’s “one of the world’s largest all-remote companies,” with over 1,500 team members located in more than 65 countries around the world.
Mark visited the Threatpost podcast to give us an update on the world of remote work and to answer this question: Where are we now with data protection?
Caution: If you’re playing a drinking game based on how many times he’ll say “Zero Trust,” stock the liquor cabinet before listening. Mark also cautioned that the dog might see a squirrel during our interview. It happens.
You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.
Register Today for Log4j Exploit: Lessons Learned and Risk Reduction Best Practices – a LIVEThreatpost eventsked for Thurs., March 10 at 2PM ET. Join Sonatype codeexpert Justin Young as he helps you sharpen code-hunting skills to reduce attacker dwell time. Learn why Log4j is still dangerous and how SBOMs fit into software supply-chain security. Register Now for this one-time FREE event, Sponsored by Sonatype.
traffic.libsyn.com/digitalunderground/022522_Mark_Loveless_GitLab_mixdown.mp3
about.gitlab.com/company/culture/all-remote/guide/
bit.ly/3BXPL6S
bit.ly/3BXPL6S
threatpost.com/bec-losses-top-18b/167148/
threatpost.com/colonial-pays-5m/166147/
threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/
threatpost.com/microsite/threatpost-podcasts-going-beyond-the-headlines/
threatpost.com/practical-guide-zero-trust-security/151912/
threatpost.com/smishing-text-phishing-ciso-radar/165634/
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C