I. Paytm Mall suffers alleged data breach
The initial report has Sketchy Information.
A database admin tool (Adminer) appears to be the culprit. A similar Adminer issue was also exploited in the Magecart breach last year.
Was this an external breach due to a misconfigured Adminer? Or an insider job?
CISO Check:
Do your hardening checklists consider third party administration utilities?
Do you monitor for suspicious database connections from your internal network to the internet?
Who can install and access admin utilities in your environment? Do you have additional checks and balances for approving their use?
II. Security as a Code?
A Sequoia backed firm Oso, plans to represent security as a code.
Secure coding is hard work. Separating authorisation code from your functional code, is a great way to think about software security.
CISO Check:
How do you enable your devops teams to write secure code faster?
III. Quote of the week
We will bankrupt ourselves in our vain search for absolute security - Dwight Eisenhower
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.