Tag Archive for: create

Security Breach: The Hack You Helped Create


This episode focuses on a vulnerability within the industrial sector that is essentially a product of progress. The enhanced data sharing capabilities and operational efficiencies that have been realized in establishing an estimated 20 billion device connections in manufacturing enterprises around the globe have come at a price for some.

As the sector pushes forward with digital transformation plans to realize the benefits of automation, software and data-driven production schemes, each of these connection points offers a soft spot for hackers to probe and pinpoint when launching various types of attacks.

Joining us to discuss this evolving situation and offer some in-depth analysis from his company’s recent report – The API Security Disconnect – is Filip Verloy, Technical Evangelist at Noname Security.

For more information on the work Noname Security does, you can go to nonamesecurity.com.

To catch up on past episodes, you can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.


Can Cloud Telephony Services with Military Grade Security Enable Organizations to Create High Brand Value?


By Shubham Patidar, Research Consultant at Fact.MR

In today’s technology-driven world, the workforce is split between those working remotely and those working in offices, with some planning to return to the office full-time and others remaining on a hybrid or remote model for the foreseeable future. While several companies worldwide have remained invested in on-premises calling systems, the reality is that, today, the shortest way to communicate is often through a stable internet connection.

Companies are thus investing huge sums in the development of a unified communications system with a cloud calling feature. Adapting their communication systems to this new technology can potentially improve or even future-proof the line of communication in and outside of an organization.

Cloud calling, often referred to as cloud telephony, helps reduce the overall cost of a company’s phone system. It provides voice communication services primarily through a third-party host. Across the globe, it is gradually replacing the need for traditional enterprise telephone systems, including private branch exchange.

Cloud telephony services further free organizations from the burden of purchasing and storing stand-alone hardware such as handsets and private branch exchange boxes. They also set the stage for adding complementary unified communications as a service (UCaaS) features such as artificial intelligence (AI)-enabled customer support, keyword and voice analysis, interactive voice response (IVR), and call center capabilities.

Organizations nowadays are utilizing cloud telephony services to better connect their teams and make their employees more satisfied, engaged, and focused in their roles. The term ‘cloud telephony’ signifies a multi-tenant access model, with subscribers paying to utilize a provider’s pool of shared and commoditized resources.

According to Fact.MR, a leading market research firm, the global cloud telephony services industry is projected to reach a valuation of US$ 51.5 Billion by the end of 2032 and exhibit growth at a CAGR of 9.5% from 2022 to 2032. A surging need to reduce phone bills and the overall teleconferencing cost in an organization is expected to…

How to create a strong password



The Waterloo-based cyber security company eSentire says people need to be more careful when picking the perfect password. Though the list of password requirements continues to grow, the company says a longer password is often still not enough to keep you safe.


“If someone wants to get that information, there are ultimately ways to acquire that information,” said Ryan Westman, senior manager for threat intelligence at eSentire Inc.


Westman said face or thumb recognition won’t stop hackers. He suggested people and businesses use tools like password managers, paired with multi-factor authentication.


“A password manager basically acts as a vault. So you’ll have one password to access the vault and inside that password manager you can have generated passwords you can use for your various online services,” said Westman. “If one of those parties do get breached, there is another way to verify you as an authentication measure.”


Westman said it is important to take the proper steps and add extra layers of protection to increase your personal cyber hygiene.


According to security company Cisco Canada, many people recycle passwords or use the same one for many different services.


“The attackers know this and they are searching for easy-to-guess passwords on a continuous basis,” Dave Lewis, a global advisory chief information officer at Cisco Canada, told CTV News earlier this year.


According to the mobile security firm Lookout, these five passwords are the most often hacked:


  1. 123456

  2. 123456789

  3. qwerty

  4. password

  5. 12345

With files from CTV Toronto.

Aqua Security Collaborates with CIS to Create the First


BOSTON, June 22, 2022 (GLOBE NEWSWIRE) — Aqua Security, the leading pure-play cloud native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organization with a mission to create confidence in the connected world, today released the industry’s first formal guidelines for software supply chain security. Developed through collaboration between the two organizations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms. In addition, Aqua Security unveiled a new open source tool, Chain-Bench, which is the first and only tool for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Establishing Best Practices for Software Supply Chain Security
Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. The new guidelines establish general best practices that support key emerging standards like Supply Chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF) while adding foundational recommendations for setting and auditing configurations on the Benchmark-supported platforms.

Within the guide, recommendations span five categories of the software supply chain: Source Code, Build Pipelines, Dependencies, Artifacts, and Deployment.

CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms. As with all CIS guidance, the guide will be published and reviewed globally. Feedback will help ensure that future platform-specific guidance is accurate and relevant.

“By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come,” said Phil White, Benchmarks Development Team Manager for CIS. “Any subject matter experts that develop or work with the technologies and platforms that make up the software supply chain are encouraged to join the effort…
