Its not a problem until its a problem… Mickey Fox This should be enough to give you a bit of heartburn. The average large enterprise as 1200 various cloud services (including PaaS and SaaS offerings) that are in use and 98% of them are unsanctioned and unvetted SaaS apps according to the Enterprise Strategy Group.… Continue reading Just How Big A Problem Is Shadow IT
The year is closing and its now time to reflect back on the hot mess that was 2020. The only thing missing so far is having Umbrella Corp handing out the COVID vaccine and kicking off the zombie apocalypse. We have survived fires, earth quakes, volcanoes, floods, murder hornets, giant globe spanning dust storms and… Continue reading OWASP Top 10 – Still The Same After a Decade
Since my keyboard is a Razer, once again I find myself the victim of a data breach. This time it was a mis-configured log store. However, the article goes on to say this about misconfiguring your cloud services. Breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total Since… Continue reading Razer Log Breach
I have tinkered around with Magento a bit on the back end. It is what I would call a hot mess. The code base is huge. I did a GIT pull of their most recent 2.4. The zipped file is 75MB. To put this in perspective, Zen Cart is 10MB. The code is also quite… Continue reading Magento – A Tale of Woe
If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably… Continue reading Misconfigured AWS S3 Buckets on the Rise
I found this awesome infographic from Akamai and I wanted to talk about it a bit because while the infographic itself is awesome, what is represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work but they only… Continue reading Why SQL Injection is Inexcusable
Its fairly esoteric but if any of the security professionals out there have ever pen tested a java script application, you know just how vulnerable they can be. Node.js is just the shiny new java script framework and tne newest heir apparent to JQuery. The problem with Node.js is that in order to write anything… Continue reading Node.js Has Vulnerabilities
With the advent of the new Boothole, it might be time to learn how to automate your patching and get on a blue-green path so you can patch and test quickly to respond to these kinds of threats. For those who haven’t seen it, Boothole is an issue where the attackers can gain control of… Continue reading Start Your Patching Engines
There are a bunch of new exploits out that use bluetooth to do a whole list of dirty deeds. It covers everything from simple data harvesting.. collecting your emails, your text messages, and your whole phone book to actually being able to send things as you to other people. These are basically replay attacks where… Continue reading Turn off Your Bluetooth ASAP
