During the past 12 years or so, I've been helping many organizations and teams to build secure software systems. But what does a secure system actually mean to me? It means that the system has sufficient security controls and are resilient to attacks, and that we know how security has been addressed and what is the remaining security risk with it. I have some observations of what teams typically miss and how they can address these concerns.
Vastuu Group, together with its partner cybersecurity company Nixu, has developed a secure digital signature platform SignSpace in Finland.
Press release, March 31, 2020 at 8:05 AM EEST
In 2020, the RSA Conference still took place in San Francisco, but this year’s event was held virtual with the ongoing pandemic restrictions. The previous physically held conference in February 2020 saw plenty of exciting new research published, which we discussed at the time, focusing especially on cloud security. Now, we decided to take a look at new data and see how things in the world of the cloud have developed from early 2020 to August 2021. It looks like the challenges remain the same, but have likely been exacerbated by the pandemic years.
Keva, the largest pension agency in Finland, is committed to developing its ability to prepare for and respond to cyber threats. With the help of Nixu’s extensive cyber exercise, Keva is now more prepared than ever for any unexpected situations.
Nixu Corporation, Press Release, March 24, 2021 at 8:30 AM EET
A researcher from the KU Leuven university in Belgium published a white paper of his research on Monday and disclosed severe vulnerabilities in the WPA2 protocol used commonly in the modern WiFi networks. The attacks introduced in the whitepaper work also against the older WPA protocol.
ISO 27001 has become the de facto standard for Information Security Management System certifications. Most other security standards are based on or refer to ISO 27001 at least to some degree.
In the previous article on Skype Phishing, I explored the possibilities of using Skype for Business as a channel for carrying out targeted attacks on specific high-value individuals in companies.
As reported on May 12, 2017 a ransomware variant called WannaCry became quickly famous after striking various companies and organizations around the world.
A new internal portal in a bank was running smoothly. Then a trusted site host suspended their services because of unpaid invoices. Project lead Jessica just thought they had mixed up their bookkeeping. What no one could have imagined was that a banking Trojan had found its way between the transactions. This customer story may have happened somehow, somewhere. Welcome to the world of cyber noir.
Nixu Corporation Press release on August 28, 2019 at 8.50 AM (EEST)
The cyber threat landscape continues to evolve and become even more multifaceted. This means that all public and private organizations, and people alike, need to be aware of what might be looming in the future. What are the emerging threats like? And how can we stay one step ahead of the cybercriminals who are unfortunately becoming more technically savvy and innovative year after year?
Nixu Corporation, Stock exchange release, 23 February 2023, 8.00 p.m. EET
Nixu Corporation, Stock exchange release, February 16, 2023, 8.30 a.m. EET, Inside Information