Monthly indicators TOP ATTACK SolarWinds aftermaths On the 11th of January, a website presumably owned by the actors behind the SolarWinds breach has surfaced, claiming to be selling data obtained using the SolarWinds backdoor. The site, using the domain solarleaks.net,…
We have recently opened the contributions to this blog to start-ups accelerated by our Shake'Up project. Hackuity rethinks vulnerability management with a platform that collects, standardizes and orchestrates automated and manual security assessment practices and enriches them with Cyber Threat…
We have recently opened the contributions to this blog to start-ups accelerated by our Shake'Up project. Hackuity rethinks vulnerability management with a platform that collects, standardizes and orchestrates automated and manual security assessment practices and enriches them with Cyber Threat…
Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against…
Wavestone and Sigfox share a common passion for tech, innovation and security. Our discussions led us to explore the foundation of all cybersecurity initiatives (the risk analysis), why this is different for an IoT project and, most importantly, how you…
Monthly indicators TOP ATTACK The massive SolarWind hack Russian SVR Hackers have been romping through some 18,000 of SolarsWinds' Origin customer servers using the SUNBURST malware installed via a backdoored update server. FireEye, Microsoft and GoDaddy believe the avsvmcloud domain…
As discussed in the previous article (in French), ISS teams must adapt their organisation, processes and tools to ensure that security issues are considered on an ongoing basis. Agile methodologies are becoming more common within organisations and security teams must…
What is a bug bounty and what is it used for? Mere buzzwords a few years ago, bug bounty programmes and vulnerability disclosure initiatives have since permeated the cyber-related vocabularies of a wide range of organisations, whether it be…
In a previous article, we discussed the main motivations behind the implementation of an authorization model and answered a first set of essential questions one should think about when setting up or redesigning a model. Let’s continue here with a…
Introduction DAC, RBAC, OrBAC, ABAC or GraphBAC? Flagship authorization models evolve regularly and each one brings its share of challenges, promises, and complexity. Over the last twenty years or so, during which the RBAC/OrBAC models seem to have prevailed, the…
