Instagram – Unsecured Database Exposed

A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.

Google Restricts Huawei’s Access To Android Operating System

It has been reported that Google has suspended Huawei’s access to updates of its Android operating system and chipmakers have reportedly cut off supplies to the Chinese telecoms company, complying with orders from the US government as it seeks to blacklist Huawei around the world. According to the story, Chipmakers such as Intel, Qualcomm, Xilinx, and Broadcom have told employees they will not supply chips to Huawei until further notice, Bloomberg reported on Monday, citing people familiar with the matter.

Veracode Announces New DevOps Penetration Testing Service

DevSecOps can be challenging for many organizations when you consider all the areas of the DevOps process that require security testing. Organizations that begin to shift security “left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to most organizations and are more recently starting to become “mainstream.” For example, we’re seeing more customers adopting microservices, utilizing cloud storage through Amazon S3, MongoDB, and Elasticsearch, deploying applications using containers, and managing those containers with newer orchestration technology like Kubernetes.

Blockchain Systems: Known Attack Vectors And Countermeasures

There is no bulletproof digital network, and blockchain doesn’t stand out from the rest in this regard. However, the attacks targeting distributed ledgers differ from the ones used to compromise conventional computer networks. These exploitation scenarios rely on tampering with the process of achieving consensus to alter the data added to the ledger.

This Week in Security: What’s up with Whatsapp, Windows XP Patches, And Cisco is Attacked by the Thrangrycat

Whatsapp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this Whatsapp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.

Spirent First to Incorporate NetSecOPEN Test Suite into Security and Performance Testing Platform

Spirent First to Incorporate NetSecOPEN Test Suite into Security and
Performance Testing Platform

CyberFlood solution simplifies network testing for industry body’s open-standards compliance

SAN JOSE, Calif., May 21, 2019Spirent Communications plc (LSE:SPT), the trusted provider of test, measurement, assurance, and analytics solutions for next-generation devices and networks, today announced that it has fully incorporated the NetSecOPEN test suite into its CyberFlood testing platform. The new built-in capabilities provide CyberFlood users with the ability to easily perform assessments of their security systems using the full breadth of NetSecOPEN’s open network security test standard methodologies.

NetSecOPEN is a vendor-independent standards body that brings together leading testing solutions vendors, security vendors, and testing labs to develop transparent, open, and public standards-based cybersecurity performance testing. Spirent Communications joined NetSecOPEN as a founding member in 2017, and has played an important role in developing the organization’s open testing standard for next-generation firewalls (NGFW).

Spirent’s CyberFlood is the first assessment solution to integrate all current NetSecOPEN tests. With this latest version, users can easily access NetSecOPEN’s standards-based methodologies to assess and validate how deployment-ready security solutions impact network performance. These methodologies cover a wide range of use cases, including enterprise perimeter security mix traffic, cybersecurity assessment with pre-defined attack and malware scenarios, and a growing set of primary performance tests for bandwidth and capacity based on fully open and transparent standards.

“The combination of CyberFlood and NetSecOPEN enables every enterprise to adopt an open-standards approach to infrastructure security assessments,” said Jurrie van den Breekel, vice president, business development and product management at Spirent Communications. “With CyberFlood’s NetSecOPEN tests, users can immediately see the impact on performance, while optimizing infrastructure security policies.”

Spirent CyberFlood is a powerful, easy-to-use test solution that enables enterprises, service providers, and network equipment manufacturers to gauge the security, performance, scalability, and efficacy of their application-aware network infrastructures. Unlike test solutions that merely simulate or mimic attacks, CyberFlood emulates hacker, malware, and attack behavior using realistic and up-to-date threats – including malicious payloads seen in the real world – to provide a highly accurate security evaluation of an organization’s networks and devices.

Brian Monkman, executive director of NetSecOPEN said: “Incorporating the NetSecOPEN test suite into Spirent’s CyberFlood is a great step forward for the industry and brings us closer to full, cross-industry adoption of a truly open standard for apples-to-apples performance testing of security solutions. Now CyberFlood puts our specification of realistic, repeatable testing into the hands of enterprise organizations, labs, and vendors.”

CyberFlood version 19.1.2, featuring the expanded NetSecOPEN test suite as a standard component, is available now. For more information, please visit https://www.spirent.com/products/cyberflood, while more details about NetSecOPEN are available at www.netsecopen.org.

About Spirent
Spirent Communications plc. (LSE: SPT) offers test, measurement, analytics and assurance solutions for next-generation devices and networks. The company provides products, services and information for high-speed Ethernet, positioning and mobile network infrastructure markets, with expanding focus on service assurance, cybersecurity and 5G. Spirent is accelerating the transition of connected devices, network equipment and applications from development labs to the operational network, as it continues to innovate toward fully-automated testing and autonomous service assurance solutions.

For more information, please visit www.spirent.com and follow us on LinkedIn, Twitter and Facebook.

# # #