Thursday, September 26, 2019

...Gone in 60 Seconds - redux...




Reality is a harsh teacher. 

Taking the easy way out, "Check the Box" security carries with it a terrible cost. 

The link below outlines, in non-technical terms, how reconnaissance and attack via ransomware took down the world’s largest shipping company, Maersk, crippling its worldwide operations in less than sixty seconds (the actual attack, that is; the reconnaissance phase? That must have been substantial).

80,000 employees, in 574 offices in 130 countries across the globe, seventy-six major ports and 800 ships at sea, DEAD IN THE WATER...

They appear to have been big fans of “check the box” security. I wonder how they feel about those decisions now?

The untold story of NOTPETYA malware and MAERSK shipping

Copyright © 2019 by "the Secret CISO"

All Rights Reserved.

 

Monday, September 23, 2019

...Nation State throws down the gauntlet on "offensive cyber operations"...

French armed services minister Florence Parly, who unveiled France's new offensive cyber doctrine


France, a permanent member of the UN Security Council and a nuclear power, releases its national policy on "...Offensive Cyber Operations..." relevant to peacetime and open hostilities.
 
Amazing reading. 
 
Seldom do Nation States make such statements.
 
Take the time to translate and read; please post a comment if you find an accurate translation.
 
 


 

... an API security standard, about damn time!...

Above is my humble entry for the API Security Top Ten challenge


F I N A L L Y we have a "Top Ten" list for API security. The OWASP list is almost as good as my home-grown list... almost.

API Security Reference Architecture - OWASP finally publishes API Security "Top Ten" list. 
 
Reminds me of Neil Armstrong stepping on the Moon for the first time.
 
 
