Captain's Log, Stardate 2021.05.14

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.


Executive Order on Improving the Nation’s Cybersecurity | The White House
"It is the policy of my [Biden's] Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order."

Anatomy of a $2 Million Darkside Ransomware Breach | Kim Zetter / Zero Day
Days before the Darkside ransomware creators formally launched their business with a press release last August, a U.S. victim was already preparing to pay them a $2 million ransom. The victim, reportedly Brookfield Residential Properties, a Calgary-based home builder and land developer for residences in Canada and the U.S., evidently refused to pay the ransom and instead restored their data and systems from backups.

How Stackers ditched the wiki and migrated to Articles | Stack Overflow
Developers’ distaste for documentation, especially among independent contributors, is a well-weathered meme in the world of software. Even Stack Overflow is not immune to this tension. “For management, an age-old problem is that engineers hate to write documentation. It’s a check box on the process, something that takes time to write but that you feel no one will read. There is this black hole syndrome where you spend hours working on something and get no feedback. I’ve heard people joke that documentation is where ideas go to die,” explains Tom Limoncelli, head of SRE.

Echelon exposed riders’ account data, thanks to a leaky API | TechCrunch
Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information. Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday and workout statistics and history — of any other member in a live or pre-recorded class.

Modern Visibility for Cybersecurity and IT Asset Management | JupiterOne
The cybersecurity technology landscape is fragmented and niche, and for good reason. Enterprises use specialized infrastructure and security tools, each of which has its own definition of an asset. Understanding your entire cyber asset landscape is nearly impossible due to the breadth of technologies in play. Identifying a new definition of cyber asset is mandatory to building a successful security program. Learn how to find, monitor, visualize, and govern your cyber assets with a deep understanding of cyber asset relationships.

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
