CDW/IDC Canada report: Businesses facing unprecedented cybersecurity risks

WORRYING NUMBERS, WORRYING TRENDS

According to the 2023 Canadian Cybersecurity Study, businesses are under increasing pressure from cybercriminals as both the frequency and sophistication of attacks continue to escalate. Around 40% of respondents said they had faced more than 250 security-related attacks or threats throughout 2022. Just as concerning, approximately 10% of all cyberattacks over the same period were successful. Compared to the previous year’s report, the number of attacks resulting in a breach – defined as the unauthorized removal of data or files – increased by 130%....

Maui wildfire alert system failure highlights critical gaps in disaster planning

COMPREHENSIVE WARNINGS, ALL SILENCED

The State of Hawaii calls its All-hazard Statewide Outdoor Warning Siren System the “largest single integrated public safety outdoor siren warning system in the world.” It has over 400 solar-powered sirens – 80 of them on the Maui archipelago – capable of alerting residents to a wide range of natural and human-caused events, such as hurricanes, tsunamis, volcanic eruptions, floods, terrorist threats, and wildfires. The sirens are a critical part of the more broadly scaled Statewide Alert and Warning System (SAWS), which uses the Federal Emergency...

LastPass breach: an historic – and likely ignored – cybersecurity lesson

THE PASSWORD MANAGEMENT PROMISE

Password management has always been a struggle between convenience and security, with end-users often using the same password across multiple systems and using passwords – such as names of pets or significant others – containing clues easily obtained from social media. Some will even use the same passwords for years at a stretch, which can extend vulnerability long after their authentication information has been compromised in a breach. Password management solutions like LastPass, 1Password, and Dashlane promise to address the weakest...

Threads privacy policies reveal need for better development best practices

HUNGRY, HUNGRY HIPPO

Now that the first few heady weeks of Threads’ existence are giving way to the cold, harsh reality of long-term use, we’re beginning to get a better look at what lies underneath. And what we’re seeing – at least from the perspective of end-user privacy – merits additional discussion, because Threads collects significantly more data than competing apps in the microblogging space. While apps like Twitter, Mastodon, Hive Social, and Bluesky all have their own privacy policies, all of them are far less aggressive in their data collection. It’s...

Cybersecurity budgets fail to keep pace with intensifying threat landscape

INFRASTRUCTURE INCREASINGLY UNDER THREAT

The Suncor attack reflects the accelerating vulnerability of organizations in the infrastructure space – see Colonial Pipeline and JBS Foods for earlier examples of high-profile ransomware events that resulted in widespread consumer impact. It also comes on the heels of a warning from the Canadian Centre for Cyber Security (CCCS) that the oil and gas sector is increasingly being targeted by opportunistic cybercriminals. Barely two months ago, the Globe & Mail newspaper reported on pro-Russian claims that...

Massive Pentagon data leak shines light on insider cybersecurity risks

NO LONGER JUST A GAME

Massachusetts Air National Guard member Jack Teixeira, 21, was arrested last week for allegedly stealing the highly classified military documents and sharing them on a Discord gaming channel. The compromised data includes signals-based intelligence that could impact American information gathering efforts for years to come. In the ever evolving pantheon of major cybersecurity events, this ranks among the most damaging. What is especially troubling about this particular breach is the amount of time it took to be discovered. Military officials were unaware...

Twitter source code gets leaked online. Here’s why it matters.

THE SECRET SAUCE, NO LONGER SECRET

The New York Times reported on March 26th that Twitter had sent a copyright infringement notice to GitHub. The company asked the developer forum to remove a repository containing what it said was leaked source code. GitHub removed the code the same day, and while it was not immediately known when the leak first occurred, the Times reported the code had been exposed for a number of months. The optics are troubling. Any leak of source code is worrisome for any company. For a software or platform company, however, it’s infinitely worse. Source code...

Ongoing Twitter outages speak volumes about infrastructure’s importance

A GATHERING STORM

Whether it’s an API error, or simply a notification that you’ve exceeded your allowed number of followed accounts, it falls well short of a complete outage or a network-wide meltdown. To the typical end-user presented with these errors, Twitter is still largely operational, but it seems to be experiencing a series of annoying glitches here and there. Over time, the annoyance factor adds up. None of this is enough to trigger a mass response from the platform’s 300 million users. Yet. But it is enough to highlight an unwelcome increase in the reports of intermittent outages...

Italian ransomware attack highlights bad patch management

TARGETING THE WEAK

The newest attack impacted servers across Italy. At its peak, traffic was reduced to 26% of normal levels across the country. Servers in France, Finland, the United States, and Canada were also affected. The French cybersecurity agency, ANSSI, which issued the first alert on Friday, warned of continuing attacks against vulnerable servers in the days to come, and reiterated its guidance to administrators to patch their affected systems. So, in case we’re keeping score, here’s where we’re at: VMware identified a weakness in its products 2 years ago. The company...

Here’s why it takes so long to write great code

PICK ANY TWO OUT OF THREE

Anyone who has worked in the industry and knows what it takes to become a developer will appreciate how unfair this kind of reaction is. Because it fails to account for the years of education, training, and experience that fully qualified developers must go through. It fails to recognize the massive investment developers must make to become top-performing professionals. Developers aren’t just born, and they don’t just materialize out of thin air. They need education (and lifelong learning), real in-the-trenches experience, and unbridled passion for writing great...
