Recent security breaches

Latest posts

Why is Cloud Data Privacy Important?

Cloud data systems offer numerous advantages but also carry many dangers: 80% of companies have had at least one data breach in the past months.

Why you need SOC2 compliance as a third party vendor

Companies understand that the way you handle data security has a direct impact on their bottom lines. This has led most companies to require that all vendors provide a SOC 2 attestation report.

Hacktivity 2021 – Our experiences

Our team attended Hacktivity, the biggest IT security conference in Central and Eastern Europe – a whole day full of interesting presentations and workshops. Click to see how we liked it!

Best practices to prevent a password breach

Most employee passwords fail even the simplest precautions, such as using a minimum of 12 characters. In a recent study of 15.2 billion passwords, only 2.2 billion were found to be unique.

Why cybersecurity is important for business

Cybersecurity is, by nature, a negative asset: its value lies in the losses it prevents. As with any protective measure, one of the biggest challenges is to measure the value (or return on investment, ROI) of cybersecurity. It is even more difficult to get stakeholders – customers, users, and decision-makers – in the company to understand its value.

Security breaches then and now

The increasing threat of security breaches is mostly driven by the increasing amount of information being stored. Although individuals are responsible for most data creation, 80% of all data is stored by enterprises.

Coding vs secure coding: 6 rules to live by

Security breaches can impact any organisation. Insecure coding practices increase security risk and put businesses in jeopardy. Click to read our post about 6 secure coding rules to live by!

Secure coding training for PCI DSS compliance

In payment transactions, security is critical: any weakness not only compromises the data but can result in credit card fraud that causes huge losses for the stakeholders.

Sensitive data exposure – It’s in your hands

Exposing data, especially sensitive data, is a long-standing threat. Since personal information such as addresses, payment details, unhashed passwords, config files and so on are popular targets among attackers, sensitive information must be protected from unauthorized access.

Compliance training – Security awareness by design

Compliance standards are a valuable but widely misunderstood part of corporate culture. Like any other certificate, a compliance certificate demonstrates that the entity or business operates according to a commonly accepted standard and signals trust towards third parties. A successful compliance certificate eases regulatory processes, opens new markets and in general speeds up revenue generation, which is the key metric for businesses.

Don’t just look for security issues, discover root causes!

Application security is one of the cornerstones of cybersecurity, and it is critical to defending a successful business operation. To strengthen their defenses, businesses have to apply rigorous testing and remediate the issues that are found.

Python best practices and common issues

Python is a high-level, flexible programming language that offers some great features. To be as effective as possible, it is important to know how to make the most of coding in Python.

Where the money is: Financial cybersecurity

Money management is moving towards complete automation, and the evolution of cybercrime follows along. The money heist has changed; we all know that. Cyberspace takes a growing share of that cake, but the motive behind attacks remains the same: money, in any form.

Network compromised: Security Issues in Telecommunication

Telecommunications is everywhere, which makes it more exposed to external threats than other sectors. It is crucial to ensure a strong line of defense in this industry, so that your entire organization has up-to-date protection and is aware of best practices.

Security Champions: Interview with Alexander Antukh, Glovo

Security champions are an essential part of any security program. They lead their teams on security projects, ensure internal security and help keep security top of mind. But how exactly do they operate in a business? We asked Alexander Antukh, Director of Security at Glovo, for professional insights.

Why do you need a security champions program?

As a company grows, its leadership wants to establish a security program to ensure the solid and undisrupted operation of the business. Security at this point is essential, especially when calculating the loss from a halted business, even for a few hours.

5 Steps your security program should include

For most companies, security is considered a side quest, only partly related to daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and skills.

5 Key Challenges When Building a Security Training Program

To build an enterprise security program, one has to go back to the well-known fundamentals of organizational change: People, Process, and Technology (originating from Harold Leavitt’s “Applied Organization Change in Industry”, 1964).

Getting started with Kotlin

If you are working on Java projects, you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things, but is it worth picking one of them over Java?

Tutorial Framework: Containerizing Cybersecurity Knowledge

How can we make security education a whole lot more accessible and fun? The tutorial framework is the answer. In this article we dive into how to create interactive learning environments running inside containers.

Docker: Life Before and After

Containers have been around for over a decade, yet before Docker’s explosive success beginning in 2013 they were not widespread or well-known. Long gone are the days of chroot: containers are all the rage, and with them come a whole new set of development and security challenges.

Security training: Invest in your Developers

What are the key benefits of practical security training for developers? Here are some tips on how you can build a case for a developer security program.

XSS Case Study

Explore the key elements of this Cross-Site Scripting vulnerability in the Google search engine.

A quantitative approach to Data Protection Impact Assessment

Ever-increasing amounts of information are produced, stored, processed, and transferred, enabling products and services across all industries. A substantial amount of this information relates to an identified or identifiable natural person, i.e., it is personal data. Processing personal data can, unfortunately, also pose risks to individuals’ rights and freedoms, sometimes materializing in real harm.

How to avoid issues with DNS security and privacy

Even if you use HTTPS, your browsing habits can still be tracked by observing your DNS queries. Besides the lack of confidentiality, plain old DNS provides neither data integrity nor authenticity. This article discusses DNS security and privacy, points out the problems that can arise from lacking these attributes, and gives some tips on how to remedy them.
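As an added illustration of why plain DNS leaks browsing habits (this is example code written for this listing, not code from the original post), the following Python builds a classic UDP DNS query in wire format and then recovers the queried host name from the raw bytes, which is exactly what any on-path observer can do regardless of the HTTPS session that follows. The sample packet and the names are constructed here, not captured from a real network.

```python
import struct

# Constructed sample: a plaintext DNS A query for "example.com" as it would
# appear on the wire (12-byte header followed by one question). Not a real capture.
CAPTURED_QUERY = bytes.fromhex(
    "123401000001000000000000"      # header: id=0x1234, flags=RD, QDCOUNT=1
    "076578616d706c6503636f6d00"    # QNAME: 7"example" 3"com" 0
    "00010001"                      # QTYPE=A, QCLASS=IN
)


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS A/IN query (RFC 1035, section 4.1) for `name`."""
    # flags 0x0100: standard query with the Recursion Desired bit set
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_query_name(packet: bytes) -> str:
    """Recover the queried name from a plaintext DNS packet, as an observer would.

    Only the question section is read; nothing in the packet is encrypted or
    authenticated, so the name is available to anyone who sees the datagram.
    """
    if len(packet) < 12:
        raise ValueError("packet shorter than DNS header")
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if qdcount < 1:
        raise ValueError("no question section")

    labels = []
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers are legal in answers but not expected in a
            # question name; refuse rather than follow an arbitrary offset.
            raise ValueError("unexpected compression pointer in question")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


if __name__ == "__main__":
    print(parse_query_name(CAPTURED_QUERY))                       # example.com
    print(parse_query_name(build_query("mail.internal.corp")))    # mail.internal.corp
```

Encrypting the resolver path (DNS over TLS or DNS over HTTPS) removes this leak from the DNS traffic itself, but note that without Encrypted Client Hello the TLS handshake that follows still carries the same host name in the clear in its SNI extension, so DNS privacy alone does not hide the destination.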

API vulnerability: Way to win USPS customer data

The US Postal Service launched its Informed Visibility program last year to provide better insight into its mailstream service. For example, one can obtain near real-time notifications about delivery dates and identify trends. However, much more data was made available than intended: the records of at least 60 million customers were exposed to anyone registered on http://www.usps.com.

An overview of Linux container security

Containers are often treated as if they were virtual machines, which is far from the truth: they are much less isolated from the host system. However, there are many ways to enhance isolation. This blog post gives you an overview of Linux container security.

Not so smart pointers

Even though modern C++ (the standard since C++11) has made programming in this language much more secure, it also introduced new vulnerabilities hidden under its layers of abstraction. In C and older versions of C++, the concept of pointers wasn’t easy for beginners to grasp: you had to worry about null dereferences, dangling pointers, deallocation, and so on. However, the Middle Ages are over; we have smart pointers now.

Security and usability: How to find a good balance

How would you like the idea of being escorted by armed security staff from the grocery store to your home to protect the valuable air fresheners you have just bought? Would you be confused? Would you visit the store again?

How I could have stolen your photos from Google

IT security is a huge topic, and until you find your first bug you can’t be sure you have the required amount of knowledge, luck, and patience. Joining the club of bug bounty hunters as a newbie is hard, so let me share my story with you.

Smart Contract Security

Blockchain-based platforms are becoming increasingly popular due to their ability to maintain a public distributed ledger, providing reliability, integrity, and auditability for transactions without a trusted entity.

Create a secure collaborative infrastructure workflow

In one of our recent posts, we wrote about the difficulties of adopting infrastructure automation in a previously static environment. As experience shows, it’s never easy to get accustomed to a tool when your team is large. Exploring its strengths, weaknesses, and boundaries and adopting best practices can take weeks.

Secure development with Spring Boot

In the past decade, the Spring Framework has become a well-established and prominent framework for developing Java web applications. The most exciting and essential change in the Spring ecosystem was the birth and progression of Spring Boot. Whatever you need, Spring Boot provides comprehensive, easy-to-use tooling for development and deployment and assists across the whole development lifecycle.

The three fatal bugs behind the Facebook breach

The Facebook breach was discovered after the social media company saw an unusual spike in user activity that began on September 14, 2018. A few days later, on Tuesday, September 25, Facebook’s engineering team discovered an unprecedented security issue that affected about 30 million users. The social media giant says the flaw has been patched, but the people behind this attack are still unknown.

Automate infrastructure securely with Ansible

In this article, we cover how to use Ansible for infrastructure automation. Here at Avatao, we are big believers in infrastructure as code, which applies software development practices to infrastructure automation. Setup tasks, configuration, identity, and access management are coded as reproducible definitions. This dramatically reduces the chance of human error, and changes in the infrastructure become reproducible and auditable. We can also make use of software development tools such as version control and automated testing and deployment.

How to dive into web-security as a developer

Great developers possess a wide variety of skills, from technological expertise to product thinking. You need some of these for your current job; others you just picked up over the years. Nevertheless, it’s all valuable and contributes to the fact that you are seen as a seasoned software engineer.

Semancat versioning

Tackling the versioning pains of a greenfield project with cats. New projects force us developers to face certain challenges that we don’t even have to think about when working on an existing codebase. These include questions like “how are we going to ship our code to customers/clients?” or coming up with a way to distinguish between versions.

Security issues to be aware of before moving to the cloud

As more and more infrastructure moves to cloud datacenters, the services offered by cloud providers have become an obvious target for exploitation, and cloud security in practice is more important than ever. Configuring these services to be as secure as possible is a new challenge for teams coming from the datacenter world.

Git security best practices

In this article, we discuss different methods to avoid common pitfalls in Git security. We live in a world where it is hard not to know Git, the most popular distributed version control system (DVCS). Free and open-source, it was originally created by Linus Torvalds for the development of the Linux kernel. These days, Git is omnipresent in the IT industry: it is the key element of platforms such as GitHub and GitLab, and the Go toolchain, for example, resolves dependencies directly from Git repositories.

Using cloud-services, security is your job too

Being cloud-native won’t save you from external threats if you, as a user, are not aware of basic network security needs: cloud providers simply cannot do everything for you. At the same time, the heavy demand to scale our services creates an unexpected urgency to be cloud-native. This shift lets us abstract our infrastructure and network layers into the software-defined space of the cloud. Simultaneously, traditional perimeter security issues move silently to the table of IaaS providers, but certain controls remain in our hands.

Get to know your way around recent security breaches