Security Applications

 Security Applications - what security applications you need to use in business and private life?

Comments

Post a Comment

Popular posts from this blog

Cloud Access Management

Cloud Access Management  Moving to the cloud has countless advantages, from fostering collaboration to allowing employees to work from almost anywhere in the world. The importance of this flexibility was on display when the global COVID-19 pandemic hit. But switching to a cloud-based service can carry a fair amount of risk — oftentimes due to human error. Wyze Labs, a company that specializes in low-cost smart home products, experienced this first hand. An almost-prolific breach occurred at the startup when an employee built a database for user analytics, only to accidentally remove the necessary security protocols. As a result, a database-worth of customers’ personal information was exposed. What you need to know: Managing permissions for your organization has become increasingly important in order to avoid a cloud-based breach. Lax or nonexistent security — and in this case, incorrectly configured security controls — can easily jeopardize the security of your data, exposing your ...
Read more

Supply Chain Attack

 Supply Chain Attack  The SolarWinds attacks, which some experts have called the worst series of cybersecurity attacks in history, are a prime example of the damage a supply chain attack can inflict. In 2020, sophisticated attackers believed to have been directed by the Russian intelligence service, compromised SolarWinds software. They embedded it with malware that was then deployed through a product update, giving them backdoor access to all of SolarWinds Orion Platform customers’ networks. Up to 18,000 customers installed updates that left them vulnerable to hackers, including Fortune 500 companies and multiple agencies in the U.S. government. As Tim Brown, vice president of security at SolarWinds, said recently, “it’s really your worst nightmare.” What you need to know: A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defenses through legitimate thirdparty vendors. Because vendors need access to sensitive data in order to...
Read more

Application Access Token

 Application Access Token  Pawn Storm, an active and aggressive espionage group, uses different strategies to gain information from their targets. One method in particular was to abuse Open Authentication (OAuth) in advanced social engineering schemes, targeting high profile users of free webmail. The group also set up aggressive credential phishing attacks against the Democratic National Convention (DNC), the Christian Democratic Union of Germany (CDU), the parliament and government of Turkey, the parliament of Montenegro, the World Anti-Doping Agency (WADA), Al Jazeera and many other organizations. They continue to use several malicious applications that abuse OAuth access tokens to gain access to target email accounts, including Gmail and Yahoo Mail. What you need to know:  With an OAuth access token, a hacker can use the user-granted REST API to perform functions such as email searching and contact enumeration. With a cloud-based email service, once an OAuth access to...
Read more