The DoD Strikes Back: Enhancing Supply Chain Cybersecurity with CMMC 2.0

In late October 2023, a third-party data breach incident sent shockwaves through the business world, affecting over 57,000 entities engaged in business with Bank of America. This breach exposed sensitive personal and financial information, underscoring the pivotal role that third-party…

PLC network: the history of industrial systems  facing up to the challenges of the future

Introduction Industrial systems are a category of information systems of their own, with codes and properties that differ from "classic" IT systems. It is well known that the level of maturity of the industrial sector in terms of cybersecurity is…

Microsoft Defender for Cloud Apps: how to secure cloud applications use 

Data and collaborative spaces migration to the cloud has created new data breach possibilities and has particularly extended the attack surface of companies. Furthermore, cloud applications increasing utilization and new ways of working have considerably widened - whether voluntary or…

Deceptive Security: the solution for effective detection in the cloud? – your luring strategy. 

    Today, cyber-attacks are part of our daily lives, and are becoming increasingly numerous and sophisticated.   Simultaneously, we are moving towards Information Systems built on an ever-increasing diversity of environments, thanks in particular to the Cloud, which is now…

IT for OT: What process to develop cybersecurity solutions adapted to industrial businesses?

During the Wavestone OT Cyber Day, Loïc Lebain and Benoit Bouffard conducted a workshop in which they noted that IT departments were still struggling to develop a catalogue of cybersecurity solutions for OT. Based on their experience with our customers,…

The Quest for Cybersecurity’s Purple Squirrels: How to Find and Keep Them

“Talent shortage”, “skills gap”, “employee burnout in cybersecurity”, “high turnover rate” – as a cybersecurity professional, you must be familiar with these expressions, for better or for worse. You may have seen the big headlines pointing out talent shortage issues…

PIPL: is information system decoupling necessary to comply with protectionist local laws?

The PIPL (Personal Information Protection Law) has emerged as an unprecedented first example of highly protective regulation of personal data, establishing an uncertain framework that reinforces China's control. Despite recent clarifications from China’s authorities, the centralisation of information systems continues…

Application control: what strategy you should adopt for your industrial supervision system?

The industrial control system (ICS) is the set of resources and machines used to supervise and control an industrial process. This article looks at the security issues surrounding Windows devices of the ICS supervision and maintenance layer: SCADA servers and…

CI/CD in AWS: The Solution to All Your Problems? What You Need to Know.

Integrating security directly into the configuration of CI/CD pipelines, especially through the practice of DevSecOps, enables the development of secure applications while increasing delivery frequency. This relieves pressure on security teams, which can often be a limiting factor in the…

Surviving an Active Directory compromise: Key lessons to improve the reconstruction Process 

Active Directory is a critical asset whose failure affects a large portion of your information system  Your company is currently dealing with a major ransomware crisis. Given its central role in managing access, authentication, and network resources within any organisation,…

Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT

Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing. Azure, in…

Barb’hack 2022: Leveraging PHP Local File Inclusion to achieve universal RCE

For the third consecutive time, the French city of Toulon hosted the French southernmost hacking event known as Barb'hack. We - two of Wavestone security auditors - have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…

IEC 62351 Standard: What cybersecurity measures are suitable for electrical networks? 

IEC 62351 is an international cybersecurity standard for Smart Grid communication and control systems. Its aim is to help grid operators protect themselves against threats endangering this sector, while adapting the recommendations to the realities of the industrial world.   In…

Back to top