In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition.
Two years later, we still have no details on the malicious actor.
In light of recent news stories about possible cyberattacks on the U.S. power grid, we are inclined to ponder over precautions we can take to prepare for such a scenario. If you are in the public utilities industry, this blog post is for you. But, if you’re not, don’t worry. We will cover some basic principles you can follow to get your organization ready before such a cyberattack occurs.
The Apache Log4j vulnerability has attracted a lot of media attention as a result of recent security incidents that were reported by some organizations using versions 2.0-beta9 through 2.14.1. This security flaw has the potential to affect thousands of applications since some of the world’s largest databases rely on Log4j.
Because so many organizations are affected, cybercriminals are actively exploiting this well-known vulnerability.
Why is this so dangerous? In addition to the threat of malware and ransomware, hackers can also perform remote code execution due to the Log4j vulnerability.
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
In this article these top security risks discussed in the context of log collection.
OWASP API security top 10 most critical API security risks APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.
Keep up to date with our monthly digest of articles.