When it comes to protecting your attack surface, there’s hardly anything more challenging than APIs. After all, APIs are your way of granting public access to data you’re responsible for protecting. And if you’re going to have a public-facing door to your data, you’d better protect that door pretty well. Of course, hackers are well aware of that public-facing door. So, it should come as no surprise that API attacks are on the rise.
API attacks are on the rise
According to The Hacker News, “hackers are increasingly exploiting APIs to gain access to and exfiltrate sensitive data. In 2022 alone, 76% of cybersecurity professionals admitted to experiencing an API security related incident. If that wasn't attention-grabbing enough, US businesses incurred upwards of $23 billion in losses from API-related breaches during the same time period.” Just the attention they get from attackers makes APIs challenging enough to protect. But there are other reasons too.
What makes protecting APIs so chal
What is threat modeling?
Threat modeling is a structured approach to identifying and evaluating potential security threats and vulnerabilities in an application or system. It is a process that helps organizations identify potential threats and vulnerabilities early in the development cycle, so that they can be addressed before the system is deployed. The goal of threat modeling is to identify potential security issues and to develop a plan to mitigate those issues before they can be exploited by attackers.
What is cloud threat modeling?
Cloud threat modeling is a process of identifying and evaluating potential security threats and risks associated with cloud computing environments. It involves systematically analyzing the architecture, design, and components of a cloud system to identify vulnerabilities and potential attack vectors. Its goal is to proactively assess and mitigate risks to ensure the security and protection of cloud-based applications, data, and infrastructure. Cloud thr
This new report showing how the Android ecosystem is plagued with malicious apps is very concerning. That is why I am deciding to make a switch to GrapheneOS, a privacy- and security-focused OS. This might be a negative for some people, but this custom ROM only works on Google Pixel phones. The reason being that Pixel devices have the best physical security (till now) of any hand-held device, and since they are from Google, they support alternate OSes, allowing them full use of/access to all the hardware security features. GrapheneOS runs Google Play services in a sandboxed fashion, that is, it isolates the apps to protect your personal data. Share your thoughts down below; I would be interested to know your take on privacy, surveillance, and data protection.
Retail stores have unique cybersecurity challenges, making them susceptible to cyberattacks. Luckily, ThreatModeler improves visibility into the supply chain, revealing vulnerabilities so they can be addressed. Address all threats in the supply chain and become secure by design with ThreatModeler. To read more about threat modeling for retail organizations, click here: https://threatmodeler.com/threat-modeling-for-retail-organizations/
It’s not surprising that we have to protect our critical infrastructure from cyberattacks. What might be a surprise is what all constitutes critical infrastructure. There are actually 16 sectors where the United States government has set up critical infrastructure cybersecurity. “These ‘sectors’ are areas in which both public and private organizations provide vital ‘assets, services, systems, and networks’ to the citizens of the United States.” When you think of critical infrastructure, the first things that probably come to mind are things like utilities. Some of the more obvious ones are energy services, nuclear reactors, water and wastewater systems, the chemical sector, transportation systems and communications. But critical infrastructure is more than just utilities. There are less obvious ones that also constitute critical infrastructure. These include the financial services sector, food and agriculture, healthcare, emergency services, transportation and the defense industrial b
Ever since “smart” medical devices have come out, there have been a great many vulnerabilities affecting them. Whether it is due to connection through IoT devices, or to the existence of multiple operating systems communicating with each other, medical devices are inherently insecure. Only recently has the FDA begun requiring medical device manufacturers to threat model their devices as a comprehensive check to see where the vulnerabilities and weaknesses can arise inside the architecture. ThreatModeler was recently at an event held by Health Information Analysis Sharing Center (H-ISAC) and met with dozens of CISOs & CISSPs of various health care companies. It was shocking to learn that the majority of these high-ranking cybersecurity officials did not really understand what threat modeling is! Even though the FDA has made it mandatory for these manufacturers to use threat modeling to increase device security, it is bewildering that most of them have brushed this mandate under t
Even with software supposedly eating the world, there are still plenty of companies that make physical things. These products may not be as sexy or profitable as software, but they are every bit as essential. From a cybersecurity standpoint, not much had changed in manufacturing until recently. From piecemeal work to the assembly line, from manual labor to automation, manufacturing has grown increasingly efficient over time, but without a corresponding increase in security threats, until one thing happened. Companies were already making the investments in advanced manufacturing equipment when someone got the bright idea to plug all that equipment into a network so it could all talk to each other. And while the idea of the fully networked manufacturer has been a boon for productivity and profitability, unfortunately it has also been a boon for cybercriminals who specialize in attacking networked equipment.
Unique Security Challenges of Manufacturers
It’s called the Internet-of-Thi
If you’ve seen the news, you know that the latest ransomware attack in Dallas affected government agencies and hospitals. This is an example of how PHYSICALLY important cyber security is, in addition to digitally important. This article from the Washington Post highlights this and how scary it can be. https://www.washingtonpost.com/politics/2023/05/08/dallas-cyberattack-highlights-ransomwares-risks-public-safety-health/
As you saw in our most recent blog, healthcare organizations have experienced 875 breaches since December 2020; that is more than one breach each day! But threat modeling can help identify the flaws in your code putting your data at risk. Make your code secure by design and keep it healthy by implementing continuous threat modeling. It's like preventative care for your SDLC!
When it comes to securing healthcare organizations, two things have become abundantly clear: data breaches aren’t going to stop anytime soon, and there’s more to protect than just data. The number of data breaches in the healthcare industry is shocking. The U.S. Department of Health and Human Services (HHS) is required to post a list of breaches of unsecured protected health information affecting 500 or more individuals. There have been 875 since December of 2020. That’s more than one per day. It’s more than just health records at risk though. Anything connected to a network, from surveillance cameras to medical devices, the so-called internet-of-things (IoT), is also at risk of attack. It’s gotten so serious that effective March 30, 2023, “the US Food and Drug Administration (FDA) will require medical device manufacturers to provide cybersecurity information in their premarket device submissions. Additionally, beginning October 1, the FDA will exercise its authority to refuse submiss
A man locked his personal computer with a password and wrote some phrases in the hint box. One day his wife tries to log in in his absence using the hints, which contained the following: 4 grapes 🍇 1 apple 🍎 7 bananas 🍌 7 mangoes 🍋 2 pineapples 🍍 1 orange 🍊 8 pomegranates 🍅 What is the password? And share your fun logic puzzles.
Google's Threat Analysis Group (TAG) published a blog update on October 16, 2020, outlining how threats and threat actors are adapting their strategies in light. Similarly, GitHub was hit with a DDoS attack that clocked in at 1.35 terabits per second and lasted for roughly 20 minutes. According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.” A distributed denial of service (DDoS) attack is a cybercrime in which the attacker floods a server with internet traffic to prohibit users from accessing linked online services and websites. It is a brute-force attempt to slow down or fully crash a server. https://portswigger.net/daily-swig/ddos I came across similar news and experiences while working with a travel company, where they experienced website downtime, which affected their SEO and increased website vulnerabilities, which harmed the company's commercial as well. As a result, they took too long to
Expansion of the Threat Modeling Tools Market and its estimated worth of $1.6 billion by 2027 suggests that there is growing demand for these tools in the cybersecurity industry. Read the full article: https://finance.yahoo.com/news/threat-modeling-tools-market-worth-163000694.html From my understanding, the threat modeling tools market is experiencing significant growth due to the increasing need for cybersecurity measures in various industries. As technology advances and more businesses rely on digital systems, the potential for cyber attacks also increases. Threat modeling tools help identify potential vulnerabilities and risks in these systems and provide solutions to mitigate them. My knowledge on this topic comes from analyzing and processing large amounts of data and information from various sources, such as news articles, research papers, and industry reports. Through natural language processing and machine learning algorithms, I can understand and interpret complex information and pr
https://www.govinfosecurity.com/heart-device-maker-says-hack-affected-1-million-patients-a-21425 It looks like it was personal information that was stolen, but that’s the sort of information that would be helpful in hacking into actual connected devices, which already exist and have had security issues: https://www.ahajournals.org/doi/10.1161/CIRCULATIONAHA.118.037331 My CPAP has a device that communicated with the insurance company to ensure that I was using it a minimum number of hours a night. Fortunately that is removable, and after a certain number of years they no longer check on you and the device is yours outright. I’m sure once that one dies, my next one will have an app to connect and view my data from anywhere. Not sure if I’ll be enabling that feature. Anyone else have any connected medical devices?
I'd like to learn to play the Ukulele properly and gain more hands-on experience with Illustration art. It's a delightful and fun hobby: playing the ukulele can help you relax and unwind, and it's a good thing to do with friends and family. Learning to play a musical instrument like the ukulele can improve your cognitive functions and lead to improvements in your memory, concentration and coordination. Illustration is a powerful way of visual communication that allows you to convey your ideas, emotions and thoughts in an original and persuasive way, which improves communication skills.
Did anyone watch this video the Wall Street Journal published? Cybersecurity experts warn that EVs will be ripe targets for hackers unless more attention is paid to the risk. I think I'm like most people following the trend of wanting a more eco-friendly environment, but I can't help but worry that electric vehicles are especially vulnerable to cyberattacks. Click here for the video. To start, many EVs today have the same "connected" features found in a smartphone, meaning they come with built-in Wi-Fi and Bluetooth. This means hackers could potentially access the car's systems remotely to control its functions or retrieve data from it. Hackers could also use a car's navigation system to track its movements, or even disable the vehicle completely. Ultimately, there's no way to guarantee an EV won't be hacked, but automakers and security experts can work together to protect against cyber threats and make sure EVs are as safe as possible. As more people switch over to electric vehicles,
“According to an ESG survey, DevOps, without an embedded security process, produces some uncomfortable results. For instance, 45% of software releases didn’t go through any security checks or testing, while 35% of new builds are deployed to production with misconfigurations, vulnerabilities or other security issues. One reason (34%) for these dismal results? Security can’t keep up with the cadence of software releases. To improve these results, something must change, and one impactful change is incorporating continuous threat modeling into the DevOps flow.” Read the rest here. What’s been your experience with DevSecOps and integrating security into development? One good experience I had was working at Automox with a CISO who described himself as “the most business friendly CISO you’re ever going to meet”. He’s now head of security at Zoom, so that strategy has been wonderful for his career. And it was a pleasure to work with him on company security concerns. Any success or horror stories
Emerging technologies such as Artificial Intelligence (AI), Blockchain, and the Internet of Things (IoT) are having a significant impact on the field of Cybersecurity, both in terms of the potential risks and opportunities they present. https://cionews.co.in/implications-of-emerging-technology-on-cybersecurity/
It’s that time of year when small children bring home germs...and I’ve been catching every single one! Does anyone have any immune system boosters? Catching every little bug is starting to get a little exhausting! Is there a vitamin combo I don’t know about? Do I need to be doing things above Cloroxing the whole house? Help a threat modeler out!
https://www.jwz.org/blog/2023/02/code-with-swearing-is-better-code/ Do you ever put swear words, jokes or easter eggs in your threat model comments?