Captain's Log, Stardate 2021.10.08

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.

Combatting security threats to our nation’s critical water infrastructure | Security Magazine/Michael Arceneaux
Increased automation and the adoption of new technologies to assist with meter reading, leak detection and other operational goals open up a host of new attack surfaces for malicious actors to prey upon. And the COVID-19 pandemic added further risks to the equation as more employees began working remotely and using personal devices for official business. Read the full story...

A Devastating Twitch Hack Sends Streamers Reeling | Wired/Cecilia D'Anastasio
The leak, first reported by Video Games Chronicle, reportedly contains 125 GB of data. That data includes the source code for Twitch.tv; Twitch’s mobile, desktop, and game console clients; proprietary SDKs; Twitch-owned properties including Vapor, Amazon’s alleged Steam competitor from Amazon Game Studios; and internal security tools. The leak does not appear to contain streamers’ or users’ personal information, but the damage appears extensive. The post is titled “twitch leaks part one,” implying that there may be more to come. Read the full story...

A text message routing company suffered a five-year-long breach | The Verge/Carlos Campbell
The hackers “gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers,” the filing reads. That could include access to call records, and metadata like phone numbers, locations, and the content of text messages, according to Motherboard’s sources. Read the full story...

Former NSA Hacker Describes Being Recruited for UAE Spy Program | ZeroDay/Kim Zetter
In June 2014, Evenden was finishing his military service and intelligence work for the NSA, when a recruiter contacted him about working for a US-based company called CyberPoint. The company had a consulting contract with the UAE, and Evenden was led to believe the work for the UAE would be entirely defensive in nature, aimed at helping the UAE secure its infrastructure against attacks from adversarial nations and terrorists. Once in Abu Dhabi, Evenden realized he had been deceived and that he and colleagues had actually been recruited to perform offensive hacking operations and surveillance on behalf of the UAE’s National Electronic Security Authority, or NESA (the UAE’s equivalent of the NSA). Read the full story...

JupiterOne Customer Q&A Spotlight Series: Jasmine Henry, Director of Cybersecurity at Esper | JupiterOne
This month, we are proud to share Esper’s security strategies with the community. We sat down with one of our JupiterOne champions, Jasmine Henry, Director of Cybersecurity at Esper. Jasmine shared her story as an emerging security leader and lessons learned in her security and compliance journey. This conversation covers everything from why CISOs are customer-facing, how to scale compliance with a distributed security team, and how a company can achieve multi-cloud security. Read the full story...

Resources

JupiterOne - The Gartner Hype Cycle

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

Mark is also Executive Producer of the DevSecOps Podcast Series (300K+ listens) and Executive Editor of the LinkedIn DevOps Group (124K+ members).
