Captain's Log, Stardate 2021.10.15

circle
circle

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

J1_Ambassador Hunter @2x

Mandating a Zero-Trust Approach for Software Supply Chains | Threatpost/Sounil Yu
In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks.Since the executive order, software makers and buyers have been trying to make sense of how SBOMs support supply-chain security. Undoubtedly, many see it as a headache, but I believe it is a sensible safeguardRead the full story...

A newspaper informed Missouri about a website flaw. The governor accused it of ‘hacking.’| Washington Post/Philip Bump

On Thursday, Gov. Michael Parson (R) called a news conference to warn his state’s citizens about a nefarious plot against a teachers’ database by a reporter from the St. Louis Post-Dispatch. “Through a multistep process,” Parson said with great solemnity, “an individual took the records of at least three educators, decoded the HTML source code and viewed the Social Security number of those specific educators.” It seems, a search tool for teacher credentials responded to searches by including a bunch of information, some of which was embedded in the source code of the page but not visible when just reading the page. If you used “View source” on this page, you noticed that there’s a ton of stuff included in the HTML that isn’t displayed, most of which is instructions for scripts and things like that. Read the full story...

Photo editor Android app STILL sitting on Google Play store is malware | BleepingComputer/Ax Sharma

An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app is called "Blender Photo Editor-Easy Photo Background Editor" and has been installed over 5,000 times to date. Last week, similar malicious apps with over 500,000 installs were also found on the Play Store. Read the full story...

Ground control to Captain Kirk! William Shatner is off to the final frontier, for real | The Guardian/Duncan Barrett
Risk is our business!” So declared William Shatner in the 1968 Star Trek episode Return to Tomorrow. His character, Cpt James T Kirk, in a speech worthy of his real-life inspiration President John F Kennedy, led his crew through an imaginary potted history of human space exploration: first the moon, then Mars – then on to “the nearest star”. Half a century later, Shatner is on his way to space for real, making him the first Star Trek captain to boldly go where only a few hundred people have been before. His voyage today (unless it’s postponed again due to weather conditions) comes courtesy not of Nasa – let alone Star Trek’s utopian, post-capitalist Federation – but thanks to Amazon boss Jeff Bezos’s commercial space flight company, Blue Origin. Read the full story...

How To Get Started With IT Security Policies and Procedures
| JupiterOne/Jeff Lee
Why, exactly, so we need so many policies and procedures? Policies and procedures reflect your organization’s internal view of how to run security. In addition to achieving compliance objectives like PCI, HIPAA, etc., companies need to protect their employees, partners,customers, and themselves from damaging acts - either malicious or unintentional. I’ve created a short guide to cover how to get started with your own IT security policies and procedures. Whether you’re an early-stage startup that is just starting out or an enterprise with your own custom frameworks and policies, we’ve got you covered. Read the full story...

Resources

 

JupiterOne - The Gartner Hype Cycle

 

avatar

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.

PREVIOUS ARTICLE

cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.