A hacker group by the name of Shadow Brokers has released tools that can ease the process of hacking into Windows computers and other Microsoft products. According to Business Insider’s Julie Bort, the author of this article, “The hacking tools are allegedly part of the arsenal that was said to be stolen from the NSA last summer.” We are starting to experience the ripple effect of what was created for spying purposes. This is the sort of things government agencies, organizations, IT Security professionals and people in general will have to deal with when the right tools fall into the wrong hands. It is odd that an agency created tools to spy; nevertheless, failed to properly protect those tools against spying. Solution? Create tools to defend as strong and effective as those created to attack.
This week, OWASP released a working draft of its latest OWASP Top 10 vulnerabilities list. This is the first time that changes were made on this industry benchmark list in four years, even though many of the vulnerabilities remain the same. OWASP Top 10 is designed to help developers, designers, architects and business owners avoid risks associated with the most common vulnerabilities and provide standards for prioritizing vulnerability mitigation. The greatest change of 2017 Top 10 is the addition of application programing interfaces (APIs), and it could potentially help raise more awareness about API security. However, some would think that the Top 10 list is not evolving quickly enough to keep up with the pace of the changes in how software is delivered, and thus unable to cover the changing trends. On the other side, some think that there’s no need to update the list every year because the strong similarities mean that the trend does not change that quickly.
This article talks about how IoTs devices access a corporate network, and how CSOs must be aware of the risks that these devices present on a network because of their recent display for a “lack of security”. The video talks with a CMO Sanjay Raja of Lumeta.