SISA point of view on Uber breach and Key Learnings

Point of View – Learnings from the Uber Breach

On September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is not the first time that Uber has been compromised. Similar instances have been reported in 2014 and 2016, and it appears that hardcoded credentials stored inside code and scripts were the case in all three incidents. The recent episode although claimed to have been an act of fun, does point to a few key learnings.

Read Blog
Browser Automation Framework
The rising threat of Browser Automation Framework: All you need to know!

Recent reports by security analysts and researchers point to an increased use of free-to-use browser automation frameworks by attackers. The framework called Browser Automation Studio (BAS) includes various features such as browser emulation, mimicking human behaviour, and the ability to load data from URL, some of which have attracted several distinct threat actors, who are exploiting these for carrying out malware and credential stuffing attacks.

Read More
Anatomy of a Ransomware Attack
Decoding the Anatomy of a Ransomware Attack

Ransomware is a multi-stage problem, that requires a multi-stage solution to effectively contain the attack at any stage. A typical ransomware attack goes through six distinct stages, and deconstructing each of these can help organizations strengthen their preparation and response strategies.

Read More
All your questions on PCI DSS 4.0 answered
All Your Questions on PCI DSS 4.0, Answered

The newly released PCI DSS 4.0 continues to be hotly debated and discussed, since its launch on 31st March 2022. This post helps answer some of the frequently asked questions on the new standard including implementation queries, to help create awareness and guide organizations in their transition.

Read More