News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw with the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app represent a vital shift occurring in cybersecurity towards the importance of the protection and hardening of APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. This document is a great reference for DevOps and security teams that are looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.
As we continue to embrace hybrid work, chief information security officers (CISOs) and compliance teams are wading through and in some cases even overlooking many different areas related to collaboration security. We’ve highlighted the top three areas of risk in this post which should keep CISOs awake at night. The remote workplace continues to evolve at lightning speed, and so too should CISOs – or risk sensitive materials ending up in the wrong hands.
Life used to be simpler for security teams. In the legacy world, they had a clear understanding of the environment they needed to protect—typically the standard LAMP stack (Linux, Apache, MySQL, PhP). Within this straightforward, relatively static infrastructure, they could carve out a network layer all for themselves to implement the security technologies of their choice. They also had a direct line to vendors to discuss the security controls that needed to be implemented. But in the age of DevOps and cloud, things just don’t work this way anymore. Four key changes have left security teams struggling to protect applications and organizations.
While the flexibility granted to remote workers is game changing, employers have new concerns about the security of a hybrid setup. COVID-19 vaccinations are now within reach for a majority of Americans, meaning enterprises need to re-examine the remote office model many were forced to adopt over the past year. Experts anticipate that a hybrid work model with an equal number of workers in office and remote to be the new model of choice.
If you’d like to learn how your enterprise can re-tool security strategies and ensure security for both remote and in-office employees, keep reading on for a conversation with cybersecurity expert Brent Johnson, CISO at Bluefin, on how leadership can address security challenges specific to a hybrid work model.
The Seattle Theatre Group (STG) recently used a cloud video surveillance to solve their surveillance and server management challenges. The solution helped STG streamline their video security infrastructure by being compatible with existing IP cameras and networks.
Netenrich announced the appointment of Christopher Morales as Chief Information Security Officer (CISO) and Head of Security Strategy to its leadership team. Morales will oversee the strategic development, implementation, and market execution of the company’s security solutions and processes.
Eagle Eye Networks released its new report detailing camera use and insights from cameras connected to the Eagle Eye Networks Cloud Video Management System (VMS). The insights are analyzed from a sample data set of 100,000 cameras in 90 countries around the world. True Cloud, technology improvements, COVID-19, and the need for business intelligence are transforming the video surveillance market.
Survey finds that 58% of respondents are concerned about security in the cloud, while misconfigurations are one of the leading causes of breaches and outages, as public cloud adoption doubles over past two years
April 2, 2021
The Cloud Security Alliance (CSA) new survey, “State of Cloud Security Concerns, Challenges, and Incidents, finds that 58% of respondents are concerned about security in the cloud, while misconfigurations are one of the leading causes of breaches and outages, as public cloud adoption doubles over past two years.
For a loosely connected, globally distributed system with no central governing authority, the Internet is remarkably dependable. Robust enough to cope with the unexpected, it features back-up capabilities ranging from redundant network paths to virtual servers that compensate for physical hardware failures.
In this webinar, we are going to explore all the different cloud models used in video surveillance and cloud access control solutions. We will also discuss the rising trend of “Security as a service” and how this can impact the future of security buying, maintenance, and relationships between security providers and clients.
Get our new eMagazine delivered to your inbox every month.
Stay in the know on the latest enterprise risk and security industry trends.