
Open Security News week 35-2023

Security by design is not a product, nor a simple straight-through process. Security by design is better viewed as a core philosophy: do the right things from a cyber security perspective in every action performed while developing and producing a new product. Too many organisations depend on vulnerable vendor solutions for security protection that over-promise and under-deliver. Cyber security is a wicked problem, so learn from the mistakes already made by others.

1 Downfall Attacks

This is a real security challenge: Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. The simple answer is to practice defense in depth and security by design. In other words: assume the hardware is broken by design, and do not let a single hardware-level isolation boundary be the only thing protecting your secrets.

(Link)

2 How the FBI goes after DDoS cyberattackers

Nice interview with the FBI discussing DDoS-for-hire sites. As suspected, the criminals offering these services tend to be more sophisticated than the criminals consuming them. Hard verification of the facts is missing, but preventing a DDoS is still, in some cases, impossible.

(Link)

3 Discord.io suffers massive data breach

Leaving your information on a site is always a risk, so sites that really take security seriously minimise data collection. The Discord.io breach is again a breach that was just a matter of time. The sensitive information that leaked gives some indication of the security management, culture and system design at Discord.io. It does not look good, to put it mildly.

(Link)

4 Can you pass the Rekt test?

Do you have all actors, roles, and privileges documented? The Rekt Test focuses on the simplest, most universally applicable security controls to help teams assess their security posture and measure progress. Personally, I would rather see implemented measures weighted a bit more heavily than security-by-documentation.

(Link)

5 How to secure your database

I love simple 'How-to' articles. If you have limited time and need a checklist, this article helps you with securing your database. The truth is: it is not simple.

(Link)

6 Crypto Startup Bankrupt After Losing Password to $38.9M Crypto Wallet

A playbook on why security matters. The simple advice: avoid crypto when you do not understand all the risks.

(Link)

7 Open Software Supply Chain Attack Reference

A great framework for releasing secure products. Check it out.

(Link)

8 Office 365 and workplace surveillance creep

When security is sold as an extra feature, your privacy is at risk. A very disturbing read from this very serious privacy foundation!

(Link)

Our partners:

nocomplexity

The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together, or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.