Friday, July 3
Apple tells app devs to use IPv6 as it’s 1.4 times faster than IPv4
Cyber Security

Apple is encouraging developers to prioritize newer web technologies inside their iOS and macOS applications. In a short technical presentation at the WWDC 2020 conference last week, Apple shared some internal statistics in the hope of convincing app developers to adopt new web technologies and protocols, such as IPv6, HTTP/2, TLS 1.3, and Multipath TCP. IPv6: One of the newer technologies that Apple would like developers to implement is IPv6, the next iteration of the IP protocol, set to replace the older IPv4 version. "Apple platforms have had native IPv6 support for a number of years, including support for IPv6-only networks," said Jiten Mehta, Internet Technologies Engineer at Apple....
One out of every 142 passwords is ‘123456’
Cyber Security

In one of the biggest password re-use studies of its kind, an analysis of more than one billion leaked credentials has discovered that one out of every 142 passwords is the classic "123456" string. The study, carried out last month by computer engineering student Ata Hakçıl, analyzed username and password combinations that leaked online after data breaches at various companies. These "data dumps" have been around for more than half a decade, and have been piling up as new companies are getting hacked. The data dumps are easily available online, on sites like GitHub or GitLab, or freely distributed via hacking forums and file-sharing portals. Over the years, tech companies have been c...
The next cybersecurity headache: Employees know the rules but just don’t care
Cyber Security

Employees are still ignoring cybersecurity best practice despite being more aware of the risks. Cybersecurity has shot to the top of many IT leaders' priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice, according to new findings. Security firm Trend Micro surveyed more than 13,000 remote workers across 27 countries for its latest Head in the Clouds survey, which sought to understand individuals' attitudes towards risk in terms of cybersecurity. SEE: Mobile d...
Zoom: We’ve delivered on all of our security and privacy promises, apart from one
Cyber Security

CEO Eric Yuan said the company had been working to improve safety, privacy and security, but has pushed back the date for its transparency report. The meteoric rise of videoconferencing platform Zoom during the global lockdowns was accompanied by criticism of its cybersecurity standards. As more remote workers turned to Zoom for business meetings, virtual get-togethers and other forms of socially distanced communication, it soon became apparent that security – thanks to headaches such as a wave of 'Zoom-bombing' – was an area that needed more work. As a result, Zoom CEO Eric Yuan launched a 90-day programme that pledged to addre...
Paul’s Security Weekly: New Web Technology & Impact on Automated Security Testing
Cyber Security

Our core security researcher, Benjamin Daniel Mussler, has been invited to Paul’s Security Weekly podcast to participate in a discussion about new web technologies and their impact on automated security testing. Benjamin primarily talked about the fact that web browsers have come a long way since serving static pages and web applications are becoming more and more like desktop applications. This means that the web browser is taking on the role of an operating system. The biggest challenges related to this are: Browsers will gain more and more access to the underlying operating system without user confirmation (for example, direct file system access). Therefore, web vulnerabilities may have even more serious implications on the client side. Security professionals must find ways to ...
Women in Payments: Q&A with Julie Quandt
Cyber Security

Julie Quandt used to be the only woman in the room at her corporate meetings. In this month’s Women in Payments blog series, find out why that’s changing and why the good old days of not having to wait in line for the ladies’ room at industry conferences may now be over.
Women in Payments: Q&A with Diane Rogerson
Cyber Security

Diane Rogerson didn’t choose a career in cybersecurity; rather, it chose her. In this month’s blog series, find out how Rogerson’s transferrable skillsets were more valuable than her subject matter expertise around cybersecurity, and how she thinks other women can be successful in this regard, too.
Ripple20 Threatens Increasingly Connected Medical Devices
Cyber Security

A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk. Earlier this month, JSOF security researchers disclosed the "Ripple20" vulnerabilities, a series of flaws affecting connected devices in the enterprise, industrial, and healthcare industries. Experts worry about the implications for connected medical devices, which could provide attackers with a gateway into a hospital network or enable them to affect patient care. Ripple20 exists in a low-level TCP/IP software library built by software company Treck. Many IoT device manufacturers build the library directly into their devices or integrate it through embedded third-party components. As a result, organizations may not know they're exposed. These vulnerabilities range in severity from small b...
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Cyber Security

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs. Months into the COVID-19 pandemic, countless large and small businesses across the globe are operating in survival mode, focused on pushing through the storm. While companies concentrate on getting through each day and week, one at a time, we would be careless not to encourage them to scrutinize the potential bad actors — specifically, nation-states — that are looking to capitalize on the weaknesses created or exposed by the pandemic. According to security vendor Radware, by the end of 2019, over a quarter of companies had experienced a foreign government/nation-state attack. In 2018, 19% of organizations believed they were attacked by a nation-state. That f...
4 Steps to a More Mature Identity Program
Cyber Security

Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access. Certain junctures in history have created unintended dichotomies: haves and have nots, protected and unprotected. In cybersecurity, COVID-19 has shown us whether an enterprise is well ahead of the digital transformation curve or woefully behind. Those who've transformed have also embraced a security approach that de-emphasizes perimeter defense and instead elevates identity. Many organizations have rushed to provision IT services such as a virtual private network or other access controls to enable a virtual workforce, but identity is much more than merely providing access gateways to resources. Access without oversight merely increases the attack surface for an enterprise. Using...