If not, then you should be…and here’s why. Most organizations leverage cloud providers (like AWS, Azure, etc.) extensively these days. Typically, public cloud is an integral part of the overall roadmap, with most organizations having some form of a hybrid model. The hybrid model involves a private cloud (internal managed data center) along with a […]

Energy is the all-pervasive fuel which drives world economies. It is no wonder that hackers regularly target energy sector companies to cause massive disruption. In a report titled “The road to resilience: managing cyber risks”, Christoph Frei, Secretary General, World Energy Council said the following: Cyber threats are among top issues keeping energy leaders […]

Most organizations face challenges with prioritizing risk from a new vulnerability or threat. At times, late-breaking threats do not provide a severity assessment. The standard way to identify the key characteristics of a threat is using CVSS (Common Vulnerability Scoring System). CVSS provides a Vector (based on key dimensions / attributes of the threat […]

Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available. This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are […]

Recently the industry has seen a trend where organizations are moving rapidly to integrate vulnerability detection tools as part of their CI / CD environments. That’s a step in the right direction only if the risks that emanate out of those integrations are carefully considered and mitigated. Unfortunately we don’t see much evidence of due […]

[Credits: Photo by rawpixel.com from Pexels] With the internet, things are moving at an alarmingly fast pace. This equates to an increased attack surface and a phenomenal increase in the number of vulnerabilities out there. Industries are trying to keep up. Evidently one industry which is struggling to keep pace is Healthcare. In the healthcare industry, the […]

The United States Senate Permanent Subcommittee on Investigations recently published a report titled “How Equifax neglected cybersecurity and suffered a devastating data breach”. It details what aspects contributed to the data breach at Equifax and how Equifax’s competitors (TransUnion and Experian) were able to successfully mitigate the threat. The report is around 71 pages long and […]

Late last week, all of us were made aware of the Chrome zero day (CVE-2019-5786), “use after free in FileReader resulting in remote code execution”. This had a published exploit in the wild, making it absolutely critical to patch without any delay. Users of ThreatWatch were not only notified of this intelligence but also […]

Early last week, all of us were alerted by reports of a major vulnerability in the “runc” binary. The vulnerability was due to the way the runc binary handled system file descriptors when running containers, which could allow malicious containers to overwrite contents of the binary and ultimately cause remote code execution. Not many […]

If you are in the health care industry, you might be aware of the voluntary cybersecurity guidance issued by the Department of Health and Human Services (HHS) for the health care industry. This guidance is aptly titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), as the key to “protecting patients and their data” […]