This post is based on my understanding and feedback after studying the Self Sovereign Identity (SSI) concepts via all the documents and videos provided by Damien Bod in his blog post about SSI.
The importance of Privileged Access Management (PAM) in a 2-min read
Businesses, now more than ever, are vulnerable to cyber-attacks. This is why we will focus on prevention and how to stay ahead of attackers with the use of a Privileged Access Management (PAM) solution.
What is Certificate Transparency and how important is it?
Certificate Transparency is the public logging of Transport Layer Security (TLS) certificates. This open framework is defined in the experimental RFC (Request For Comments) 6962 (https://datatracker.ietf.org/doc/html/rfc6962).
Continuous deployment: applying security for web application development
The rise of Continuous deployment
With the rise of Continuous Deployment (https://www.atlassian.com/continuous-delivery/continuous-deployment), the frequency at which web applications (website, API, etc.) are deployed has significantly increased. Nowadays it is common to see companies deploying a new version of a web application several times a week or month (https://cloud.google.com/blog/products/devops-sre/another-way-to-gauge-your-devops-performance-according-to-dora).
Risks linked to external dependencies
Nowadays, most software is based on external components that are created and maintained by external entities. External components are also named “third-party” components and can be, for example, a library. The objective is, most of the time, to delegate specific operations to dedicated components. This facilitates the maintenance of the main application and lets the developers focus on the code providing the business features. The type of operation performed by a component can be, for example, processing of specific file formats, logging, handling of business data formats (e.g., SWIFT) and so on.
The art of hiding secrets in plain sight with base64 padding steganography
The technique of hiding information in public data is called steganography. The Base64 encoding uses 0-padding when encoding data. It is possible to hide information in this padding, as it is disregarded upon decoding. To hide larger amounts efficiently, multiple strings need to be encoded, as one Base64-encoded string can contain 4, 2 or 0 bits of secret text. This article explains the technique, provides Python code for hiding and retrieving the information and shows performance information about the method.
What are HermeticWiper & IsaacWiper?
Imagine waking up one day to find that all your important data, such as photos and documents, has been erased with no way to restore them. A scary thought, right? As technology evolves, so does the way we store valuable data. Let’s face it, users do not keep a hard copy of every photo or document they have on their computer. With their busy daily routines, people are so used to storing data on electronic devices for quick access.
The problem is that few users are in the habit of keeping backups, especially on a separate device such as a portable hard drive or USB stick. By not preparing for the worst, they become the perfect victims of a Wiper malware attack.
SPF, DKIM & DMARC, the three pillars of email security
The ending of the almost eponymous 1946 movie finds Frank musing about his own incoming death. You see, he and his beloved Cora escaped justice once after having killed her husband, Nick. But here he is, condemned for murdering Cora, even though her death was accidental. And in his mind, it feels pretty much as if Justice was served in the same way as the postman delivers letters, who rings once, and if nobody answers, rings again for important missives.
Arguably, a lot of drama could have been avoided if Frank had just absconded with Cora straight from the beginning. And instead of a goodbye note left in a cash register for Nick, Cora would have posted a letter from far away. But that would probably not have made an interesting story, apart, maybe, from the said delivery of the letter by a postman.
That will be the focus of today’s post. Except instead of an envelope, stamps and paper, we will bring it to our digital era and look at how emails travel and what measures can be taken to ensure they are legitimate.
Or even better, what measures can be taken to prevent unauthorized people from sending an email seemingly coming from our domains.
Mobile Device Management or Mobile Application Management?
Nowadays and even before the pandemic, mobile devices have become an integral part of the business world as every employee owns a smartphone and companies depend mainly on the use of laptops, smartphones, and tablets to handle day-to-day business tasks ranging from critical to mundane. The pandemic only accelerated this digital transformation towards more Cloud environments. But what about security risks and constraints?
Cyber crisis management in 4 steps
In this article, we address cyber crisis management. Indeed, a cyber crisis is the consequence of one or more malicious actions taken on the information systems of an entity. They may have consequences that can be disastrous both financially and reputationally speaking.