July 30, 2019
VxWorks Vulnerabilities: More Exposure Than You Think
Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack. Well, while this is something you may not have heard of, it is the real-time operating system […]
July 23, 2019
Your Password Policy Should Challenge Hackers, Not Your Users
Any time a human is involved, the potential for weakened security increases. Password policies are necessary for cybersecurity compliance; however, burdensome password policies can result in bad user behavior like password transformation. REMEMBER WHEN – IBM published the startling statistic that human error was found to be involved in 95% of all security incidents in “2014 Cyber […]
July 03, 2019
Affordable Cybersecurity Assessment using OWASP
Sometimes we just need a sanity check and assessments offer that opportunity. An assessment can offer a glimpse into those things that may require our attention, and ideally, some validation of our good work. But, they can be potentially expensive. For a quick self-assessment, there is a less-expensive option to consider. The OWASP Cyber Defense […]
February 17, 2019
Doomsday Docker Software Vulnerability
The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower. At least slow enough so we security professionals can properly get on board. The most recent indicator of this need is the runC vulnerability just identified in the most common container toolsets in use today. Docker, […]
January 28, 2019
Combatting Uncertainty Around Cloud Security Readiness
Overall, there is a weak grasp on what “Cloud Security” actually means. I recently spent time discussing possible challenges with cloud security at a cybersecurity conference. As I tried to pack my research into the allotted twenty-five minutes, I quickly realized we, collectively, don’t have a good grasp on what cloud security actually means. I think this is the […]
January 07, 2019
Life Safety Above All Else
Years ago, when I sat for my CISSP, I went into the exam carrying two bits of advice offered to me by a mentor: #1. In matters of security, choose the most conservative path. #2. Life safety above all else. Critical infrastructure providers, and more specifically, the Healthcare and Public Health providers, have rightfully followed these […]