Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against…
Wavestone and Sigfox share a common passion for tech, innovation and security. Our discussions led us to explore the foundation of all cybersecurity initiatives (the risk analysis), why this is different for an IoT project and, most importantly, how you…
Monthly indicators TOP ATTACK The massive SolarWind hack Russian SVR Hackers have been romping through some 18,000 of SolarsWinds' Origin customer servers using the SUNBURST malware installed via a backdoored update server. FireEye, Microsoft and GoDaddy believe the avsvmcloud domain…
As discussed in the previous article (in French), ISS teams must adapt their organisation, processes and tools to ensure that security issues are considered on an ongoing basis. Agile methodologies are becoming more common within organisations and security teams must…
What is a bug bounty and what is it used for? Mere buzzwords a few years ago, bug bounty programmes and vulnerability disclosure initiatives have since permeated the cyber-related vocabularies of a wide range of organisations, whether it be…
In a previous article, we discussed the main motivations behind the implementation of an authorization model and answered a first set of essential questions one should think about when setting up or redesigning a model. Let’s continue here with a…
Introduction DAC, RBAC, OrBAC, ABAC or GraphBAC? Flagship authorization models evolve regularly and each one brings its share of challenges, promises, and complexity. Over the last twenty years or so, during which the RBAC/OrBAC models seem to have prevailed, the…
With the release of the Digital Operational Resilience Act (DORA), the European Union is taking a strong stand to strengthen the financial sector’s resilience to ICT-related major incidents. With prescriptive requirements on both financial entities and critical ICT services provider, and an aggressive timeline…
Indicateurs du mois TOP ATTACK LE GOUVERNEMENT BRESILIEN SE REMET DE LEUR "PIRE" ATTAQUE Après avoir été touché, le 3 novembre, par la plus sévère de toutes les attaques orchestrées contre une institution publique brésilienne, le Tribunal Supreme de Justice…
Monthly indicators TOP ATTACK Brazilian government recovers from "worst-ever" cyberattack After suffering the most severe cyberattack ever orchestrated against a Brazilian public sector institution on the 3rd , the Superior Electoral Court (STJ, in the Portuguese acronym) has managed to…
