Last week’s uproar on the Microsoft Azures database (Cosmos bug) hit the boardroom. A lot of major companies use Microsoft Cloud, so Azure customers were in for a rough surprise. Wiz's Chief Technology Officer Ami Luttwak (his company found the vulnerability) describes it as “the worst cloud vulnerability you can imagine.” 

Bloomberg says Microsoft warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases. In this blog, I don’t describe the incident or ‘chase the ambulance.’ I give my personal take on other industry experience and elaborate on what I would do if I were a Chief Information Security Officer of a global pharmaceutical company using Azure and if the CEO asks me “What the hack happened and what do we need to do?”..

In recent years, credential stuffing attacks have been on the rise. Cyber criminals take over accounts with username and password combinations that were stolen at third parties.

The goal of Account TakeOver (‘ATO’) prevention services is to prevent unauthorized access to your accounts. There are several types of techniques that can be used to implement ATO prevention services. The characteristics of the techniques varies widely. Furthermore the data quality of an ATO prevention service has a great effect on the effectiveness and efficiency of the service. In this article we will take a closer look at both the used techniques and data quality.

Although information security has a long history, it wasn’t really top of mind of senior management, Board or other employees until late 2010s. A “security professional” became a real job and market demand has grown ever since. Awareness about security risks increased significantly. The thriving forces for this were major security breaches such as Snowden, NotPetja and WannaCry shocking the world, but also regulators demanding companies to protect their critical assets, including non-tangible ones such as data. As a result of this, we can now state it has the Boards attention by default. 

Every year thousands of data breaches occur, as we can read in the daily news. The root causes of the breaches range from organizational issues to technical flaws. A new category of attacks emerged a few years ago: ‘credential stuffing’. According to F5, ‘credential stuffing and brute force attacks have been the biggest threats for financial services recently, and the trend shows no sign of slowing’. According to Akamai, ‘hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites within the 17-month period analyzed’. Nowadays credential stuffing attacks are considered among the top digital threats. But what exactly is credential stuffing?

Analyzing Business Information Security for a data breach use case

In a digital business world that is highly distributed via an eco-system, ensuring your digital assurance becomes vital. Everything needs to continuously work and Confidentially, Integrity and Auditability have to be assured, especially when your business is regulated and should demonstrate to be “in control”. Nevertheless, how do we do that when business models are under fire by hackers?.. 

Cracking classic hashes

Moore’s law is the observation that the number of transistors in a dense integrated circuit doubles about every two years. This roughly doubles computing power about every two years as well. Password hashing algorithms typically have a lifetime of many decades. This means that the level of protection of a given password hash algorithm decreases over time: attackers can crack longer and more complex passwords in the same amount of time.

"Just write a short motivation letter regarding this conversation" is a sentence that I speak to cybersecurity professionals on a regular basis. Internal research at Cqure has shown that the motivation letter does not always have the desired result, while it is apparently a good piece of text. How is that actually possible? And why is good motivation letter so important?...