Security Leftovers
-
OSINT your OT suppliers | Pen Test Partners
There is much talk about supply chain security and reviewing your suppliers for cyber security. But how much information do they intentionally and unintentionally leak about your organisation online?
We see this particularly in the industrial controls sector as its cyber security maturity is perhaps a few years behind the wider cyber market.
Fortunately, this is something that you can audit yourselves, without needing to involve the supplier. It can make for useful negotiation points during procurement exercises, particularly if you engage your purchasing teams in the process.
Why make the hacker's life easy?
-
Book Review: If It's Smart, It's Vulnerable - Mikko Hyppönen
This is a curious book. It starts out as a look at the security of everyday objects, but quickly becomes a series of after-dinner anecdotes about various security-related issues. That's not a bad thing, as such, but a little different from what I was expecting.
-
What is the Cyber Resilience Act and why it’s important for Open Source - Voices of Open Source
The Cyber Resilience Act (CRA) is an interesting and important proposal for a European law that aims to drive the safety and integrity of software of all kinds by extending the “CE” self-attestation mark to software. And it may harm Open Source. The proposal includes a requirement for self-certification by suppliers of software to attest conformity with the requirements of the CRA including security, privacy and the absence of Critical Vulnerability Events (CVEs).
[...]
The Open Source Initiative assumes the Act is not intended to negatively impact the communities that make Open Source software or burden the non-profit foundations that support them.
-
I Was Nearly Phished | Kev Quirk
I nearly fell for a run-of-the-mill phish recently. Just goes to show that they can get anyone.
Just to give you some context before we get into this, I’m a senior leader at Bank of America, where I work in the information security team.
The team I run is in the identity space and one of the things we’re interested in is phishing attacks. So although I’m no expert, I do like to think of myself as a person who knows a thing or two about phishing attacks.