When security assessments leak, the fallout can eclipse the original incident.

In our latest Cyberside Chats episode on the Louvre heist, Sherri Davidoff and Matt Durrin dig into how exposed audit findings fueled public scrutiny and what every organization should learn from it.

If you want to hear how a seven-minute robbery turned into a reputational firestorm — and how to keep your own reports from becoming headlines — listen to the full podcast here: https://www.chatcyberside.com/e/louvre-heist-exposed-how-weak-tech-old-passwords-invited-the-theft/

#Cybersecurity #InformationSecurity #ReputationalRisk #SecurityAudits #DataProtection #ThirdPartyRisk #IncidentResponse #CyberRisk

yeah, #deltachat cares for #encryption #circumvention #proxy #pfs #securityaudits #pgp #zerotrust #securemessaging and the like ... but did you know next #iOS version will have ADAPTIVE ICONS!!!11!!ONE1!

Is safeguarding sensitive data a paramount concern for your organization? The evolving threat landscape and the constant emergence of new technologies make it imperative to adopt proactive strategies to mitigate data security risks. Let's explore the top five strategies to fortify data security in the face of rapid changes: https://foxconsulting.co/post/safeguarding-data-in-motion-top-5-strategies-to-mitigate-security-risks-in-a-rapidly-changing-lands

#datasecurity #datagovernance #zerotrustarchitecture #encryptionprotocols #securityaudits

EVMs and the Need for Greater Electoral Transparency

Given the critical role of EVMs in India's elections, it is essential to have a transparent process for examining the inner workings of such machines.

https://thewire.in/tech/evms-and-the-need-for-greater-electoral-transparency

#EVMs #ElectronicVotingMachines #elections #transparency #SupremeCourt #ECI #ElectionCommission #security #SecurityAudits #hacking #DEFCON #india

Hello Fediverse! We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can reach its full potential with many comrades joining the mission.

Follow us for exciting IT security Content.

#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity

Social media use can put companies at risk: Here are some ways to mitigate the danger

Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.

CSO Online

Whether we like it or not, small to medium businesses that do tech need to access the database directly from time to time. Whether it’s reporting or making a small change to alter a bug/user introduced data issue, it happens.

There is a growing need for a web client that can access multiple database types that also has a focus on auditing and security. Who ran what query should be made transparent.

#Database #Security #Audits #SecurityAudits #SMB

"How U2F (2FA) works at Twitter" - Part 2/2 of a #tootSeries about #ITsecurity #MultiFactor #insights. [Ref. "MOMOC-04-Comfort/Security"]
#MOMOCtips

#Smartphones and #USBkeys that support #NFC (Near-Field Communication), like for example the #Yubikey NEO, let you log in with U2F without needing a physical cable to insert the USB key. Put it close to the phone (back side), and the #authentication happens over the air. Unlike other solutions (like the #Nitrokey which only supports 1 function), having a Yubikey which normally supports 2 functions, you can have BOTH the static password AND the U2F on the same key working through NFC wirelessly. A long-press on the button emits the stored static password to the phone clipboard so that you can paste it into the password field, and then the second factor (U2F) function asks you to confirm by pressing the button briefly, and then you are logged in.

PS. NEVER use a static password in the exact form it is stored! If someone steals or finds your #USBkey, you do not want them to be able to use it by itself. A #trick is to never use it exactly as it is stored on the key:
- Remove a few characters after it has been pasted/sent to the password field, and then ADD some characters manually which are NOT stored on the key.
For example, invent a new easy-to-type short #password that you type manually at the end every time you use the stored portion.

PS-2. Yubikeys were openSourced until version 4, but they are now no longer that, being proprietary since v4, as opposed to others like the #Nitrokey, which is #openSource.
As it is inconceivable with trustworthy, #verifiable #securityAudits without #openSource, many of us are now moving away from the beloved Yubikeys, or at least staying behind and only using the older versions that are actually openSourced. It is still possible to get hold of older versions.

Ref. https://www.yubico.com/2016/05/secure-hardware-vs-open-source/