September 03, 2019
Business Continuity And Top Management Are Inseparable
Business Continuity and Top Management are Inseparable ContinuityCentral.com posted an analysis by editor David Honour of a crisis communication statement made by National Grid CEO John Pettigrew following a wide-area power outage that occurred on August 9th, which was the largest to occur in the UK for over a decade. The analysis scrutinizes every part of Pettigrew’s statement, […]
Read more
August 02, 2019
Avoiding the Capital One Breach: Defense in Depth
With the release of the criminal complaint in the recent Capital one breach we now have a better understanding of how Paige A. Thompson exfiltrated data from their cloud vendor. We don’t know all the details and can only make inferences based upon the information available. Deploying CloudGuard on AWSCase Study The complaint states that a GitHub file was […]
Read more
July 30, 2019
VxWorks Vulnerabilities: More Exposure Than You Think
Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack. Well, while this is something you may not have heard of it is the real time operating system […]
Read more
July 23, 2019
Your Password Policy Should Challenge Hackers, Not Your Users
Any time a human is involved, the potential for weakened security increases. Password policies are necessary for cybersecurity compliance; however, burdensome password policies can result in bad user behavior like password transformation. SUBSCRIBE TO SAYERS BLOG REMEMBER WHEN – IBM published the startling statistic that human error was found to be involved in 95% of all security incidents in “2014 Cyber […]
Read more
July 03, 2019
Affordable Cybersecurity Assessment using OWASP
Sometimes we just need a sanity check and assessments offer that opportunity. An assessment can offer a glimpse into those things that may require our attention, and ideally, some validation of our good work. But, they can be potentially expensive. For a quick self-assessment, there is a less-expensive option to consider. The OWASP Cyber Defense […]
Read more
February 17, 2019
Doomsday Docker Software Vulnerability
The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower. At least slow enough so we security professionals can properly get on-board. The most recent indicator of this need is the runC vulnerability just identified in the most common container toolsets in use today. Docker, […]
Read more
