A couple of stories caught our attention. Readers may be interested in comments on them from Ilia Kolochenko, CEO of web security company High-Tech Bridge:
1.2 billion cryptocurrency stolen
“Unregulated cryptocurrencies are an emerging Klondike for cybercriminals. A well-prepared attack is uninvestigable, the risk of persecution borders on zero, while the stolen coins can be easily laundered and used for the niceties of life. We will likely see a continuous growth of attacks against cryptocurrency owners and processors (e.g. exchanges) by various means, from trivial phishing to sophisticated APT attacks against the largest trading platforms.
To reduce the risks, one should never entrust his or her wallet to third parties, remain vigilant for any incoming messages, emails or hyperlinks, have an updated AV and a machine with all security patches properly installed. Investments into dubious ICO projects should be clearly understood as high-risk, and chances to lose the integrity of money are above 99%.”
T-Mobile bug lets anyone see customer account details
“I think, unfortunately, most European telco companies have similar or even more dangerous problems.
Underprotected APIs remain a significant problem for many of today’s web and mobile applications. DevSecOps efforts are nascent if not non-existent in many large companies. Developers tend to ignore security best practices, being already busy enough with endless streams of new features requested by the business to remain competitive on the market.
Application Security should be started with comprehensive application discovery and inventory: it is sufficient to miss one single API or subdomain, and the attackers will get your crown jewels. Continuous security monitoring is also essential to keep your applications and incorporated customer data safe.”