Category: SecOops
-
Why does software development need zero trust?
Disclaimer: The following article is a blog post I wrote for Nexor, based on things I’ve been working on over the past few years. The last few weeks have continued to demonstrate the impact of a compromised software supply chain – whether that’s realised by malicious threat actors or by a lack of software quality control. CrowdStrike,…
-
DevSecOops: 3CX Hack – Supply Chain Attack
Very recently, 3CX, a VoIP and PBX software developer, was compromised. According to their website, over 600,000 businesses globally use 3CX solutions to power voice communications in their business. Some customers include the NHS, Air France, PwC, just to give some context. Policy For Suspected Attacks My jaw hit the floor and bounced back, causing…
-
SecOops: Arnold Clark
Recently, Arnold Clark became one of the latest victims of note to Play ransomware. Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com) This has huge implications for customers of Arnold Clark, never mind Arnold Clark themselves with the potential GDPR fines involved. Customer data not only has been stolen, but presumably…