Captain's Log, Stardate 2021.07.23


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.

One Click and You're Dead | CodeX
The single click that “X” has just executed has spawned a virus that is just about to destroy the information technology infrastructure of the enterprise which employs them.
What has been unleashed is “Ransomware”, otherwise known as “Crypto Locker”. The software launches out of a hidden folder named “AppData”; everyone using a Windows PC has one as part of their user profile. Read the full story...


Supply Chains Have a Cyber Problem | Rand Corporation

Disruptions keep traveling through software linkages, stalling new parts of the physical supply chain. But the reverse is potentially true as well: Compromised physical goods can become cyber risks. Hackers prey on targets with a large “attack surface.” The more open ports to exploit, open machines to corrupt, or even open humans willing to open suspicious emails, the larger the attack surface. Supply chains, by linking together hundreds if not thousands of firms, present the perfect attack surface. Read the full story...

7 Hot Cyber Threat Trends to Expect at Black Hat | DarkReading
This year's Black Hat USA is bringing a hybrid format forward to offer something for everyone—in-person presentations and trainings (and parties!) as well as a healthy slate of virtual offerings for those who aren't quite ready to add travel to their repertoire. The following are some of the threat and vulnerability trends that attendees or viewers at home should expect to see during the conference. Read the full story...

The 25 most dangerous software vulnerabilities to watch out for | ZDNet
Mitre has released its rundown of the most widespread and critical vulnerabilities in software, many of which are easy to find and can be exploited by cyber criminals to take over systems, steal data or crash applications and even computers. The 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses details the most common and most impactful security issues. Read the full story...

Azure Access Review using Optional Traversals in JupiterOne | Nick Dowmon
Azure role-based access control (RBAC) allows for expressive access policies through the use of Azure role assignments. Azure role assignments are nodes that link three distinct constructs in Azure: Principals, Role Definitions, Scope. With three arbitrary relationships to target entities, Azure role assignments are well modeled as a graph of entities and relationships. Read the full story...

Resources

Modern Visibility in Cybersecurity

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
