Cybersecurity Trends in Fintech

Thursday, March 04, 2021

The year 2020 will go down in history as being a year of uncomfortable changes. Just about everyone was forced to approach aspects of personal and professional life differently, from buying groceries to conducting business to maintaining safe interactions with others. Fortunately, existing technology and service offerings allowed us to make adjustments and work through …

A Timeline of the SolarWinds Hack: What We’ve Learned

Thursday, January 28, 2021

The SolarWinds hack was a major security breach that affected over 3,000 SolarWinds customers, including major corporations like Cisco, Intel, Cox Communications, and Belkin. Also impacted were multiple US states and government agencies including the US Department of State and the US Department of Homeland Security. The attack, dubbed SUNBURST, involved inserting malicious code into SolarWinds’s Orion Platform software. This …

Create a Web Application Security Blueprint

Monday, January 04, 2021

The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …

The Role of SAST in DevSecOps

Thursday, December 03, 2020

Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …

What Makes Firmware Vulnerabilities So Deadly?

Tuesday, November 03, 2020

Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …

Communicating with Customers in the Event of a Breach

Thursday, October 15, 2020

There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered; and communicating accurately and effectively to customers and shareholders:

- What happened
- Why it happened
- What it means

Let’s examine a major retailer’s …

Putting the Principle of Least Privilege to Work for Web Apps

Thursday, September 24, 2020

With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather, the processes within which they operate) make use of privileges and access …

The Cyberthief’s New Best Friend: Web Apps

Thursday, September 03, 2020

Web apps are now one of the favorite means of attack for cyberthieves, if not the absolute favorite, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources accessed by the carrier, only seven of which were internal to …

SAST and SCA: Putting the Puzzle Together

Thursday, August 27, 2020

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …

Cybersecurity: How Safe are Voice Assistants?

Thursday, June 04, 2020

This new age in Artificial Intelligence is fascinating, and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone most likely features a voice assistant. At best, Apple’s Siri, for instance, may seem like a “naïve” helper that can check weather …