Electric Mobility – How can charging point operators secure their charging infrastructure? 

With the European Union’s ban on the sale of combustion engine vehicles set for 2035, the electric mobility market is rapidly expanding. Alongside it, electric vehicle charging infrastructures (EVCI) are developing at a fast pace: cumulative investments by 2030 could…

AI and personal data protection: new challenges requiring adaptation of tools and procedures

The massive deployment of artificial intelligence solutions, with complex operation and relying on large volumes of data in companies, poses unique risks to the protection of personal data. More than ever, it appears necessary for companies to review their tools…

Artificial Intelligence, Industrials, and Cyber Risks: What’s the Current State?

Artificial intelligence (AI) is transforming numerous sectors, including the industrial sector. The latest advancements, particularly those based on Machine Learning (ML) like generative AI, are paving the way for new opportunities in process automation, supply chain optimization, personalization, and so…

Detection probes for OT : The keys to a successful deployment

Enterprise demand for detection probes has been rising in recent years, particularly in the industrial sector. This can be for many reasons: regulatory or contractual constraints, need for incident detection capabilities on the industrial network, desire for greater visibility on…

Data Poisoning: a threat to LLM’s Integrity and Security

Large Language Models (LLMs) such as GPT-4 have revolutionized Natural Language Processing (NLP) by achieving unprecedented levels of performance. Their performance relies on a high dependency of various data: model training data, over-training data and/or Retrieval-Augmented Generation (RAG) enrichment data.…

Post-quantum cryptography is here: what are the consequences and actions for large organisations? 

This summer's post-quantum news: what you need to know  This summer marks a major breakthrough in cybersecurity with the publication of the NIST standards for post-quantum cryptography. This publication is the culmination of many years of work, the standardisation process…

Timeline Update: CMMC 2.0 and the Phenomenon of Midnight Rulemaking

Not familiar with CMMC 2.0? For more information regarding CMMC 2.0, please refer to this article. The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive framework designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), shared with…

   How to build a coding game around Public Cloud Security step by step?    

Step 0: context and objectives  Wavegame is a Wavestone inter-school challenge designed to promote cybersecurity expertise and the consulting profession created in 2019. In its 2023 edition, 33 teams competed in a hands-on exercise focused on securing an AWS Infrastructure.…

KMS: The Key to Secure Management of Cryptographic Objects 

This article is intended primarily for an informed public, mastering the use of cryptographic keys in an IS and their management in organizations.  Increasing security requirements for both industrial environments and connected objects have led to a profusion of cryptographic…

The DoD Strikes Back: Enhancing Supply Chain Cybersecurity with CMMC 2.0

In late October 2023, a third-party data breach incident sent shockwaves through the business world, affecting over 57,000 entities engaged in business with Bank of America. This breach exposed sensitive personal and financial information, underscoring the pivotal role that third-party…

PLC network: the history of industrial systems  facing up to the challenges of the future

Introduction Industrial systems are a category of information systems of their own, with codes and properties that differ from "classic" IT systems. It is well known that the level of maturity of the industrial sector in terms of cybersecurity is…

Deceptive Security: the solution for effective detection in the cloud? – Deceptive use example in AWS cloud 

Today, cyber-attacks are part of our daily lives, and are becoming increasingly common and sophisticated.    Simultaneously, we are moving towards Information Systems that are built on an ever-increasing diversity of environments, thanks in particular to the Cloud, which is now…

Microsoft Defender for Cloud Apps: how to secure cloud applications use 

Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or…

Deceptive Security: the solution for effective detection in the cloud? – your luring strategy. 

    Today, cyber-attacks are part of our daily lives, and are becoming increasingly numerous and sophisticated.   Simultaneously, we are moving towards Information Systems built on an ever-increasing diversity of environments, thanks in particular to the Cloud, which is now…

IT for OT: What process to develop cybersecurity solutions adapted to industrial businesses?

During the Wavestone OT Cyber Day, Loïc Lebain and Benoit Bouffard conducted a workshop in which they noted that IT departments were still struggling to develop a catalogue of cybersecurity solutions for OT. Based on their experience with our customers,…

PIPL: is information system decoupling necessary to comply with protectionist local laws?

The PIPL (Personal Information Protection Law) has emerged as an unprecedented first example of highly protective regulation of personal data, establishing an uncertain framework that reinforces China's control. Despite recent clarifications from China’s authorities, the centralisation of information systems continues…

Application control: what strategy you should adopt for your industrial supervision system?

The industrial control system (ICS) is the set of resources and machines used to supervise and control an industrial process. This article looks at the security issues surrounding Windows devices of the ICS supervision and maintenance layer: SCADA servers and…

CI/CD in AWS: The Solution to All Your Problems? What You Need to Know.

Integrating security directly into the configuration of CI/CD pipelines, especially through the practice of DevSecOps, enables the development of secure applications while increasing delivery frequency. This relieves pressure on security teams, which can often be a limiting factor in the…

Surviving an Active Directory compromise: Key lessons to improve the reconstruction Process 

Active Directory is a critical asset whose failure affects a large portion of your information system  Your company is currently dealing with a major ransomware crisis. Given its central role in managing access, authentication, and network resources within any organisation,…

Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT

Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing. Azure, in…

Barb’hack 2022: Leveraging PHP Local File Inclusion to achieve universal RCE

For the third consecutive time, the French city of Toulon hosted the French southernmost hacking event known as Barb'hack. We - two of Wavestone security auditors - have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…

Back to top