sand

Tenable Research Uncovers Thousands of Vulnerable Cyber Assets Amongst Southeast Asia’s Financial Sector

 New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States. Next on the list is Thailand with over 5,000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

Country: Number of internet-facing assets amongst top 90 BFSI companies by market capitalisation
  1. Singapore: 11,000
  2. Thailand: 5,000
  3. Indonesia: 4,600
  4. Malaysia: 4,200
  5. Vietnam: 3,600
  6. Philippines: 2,600

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” said Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks.” 


Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities give cybercriminals potential entry points that are easy to exploit, posing a potential risk to the integrity and security of financial data.

Weak SSL/TLS encryption 

A notable finding is that, among the total assets, nearly 2,500 still supported TLS 1.0—a 25-year-old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure

Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption 

There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.


API vulnerabilities amplify risk

Over 2,000 of the total assets identified across organisations' digital infrastructure were API v3, which poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

“The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk,” Ng added. “By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com

Notes to Editors:

  1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap. 
  2. In the context of this alert:
  • An asset is a domain name, subdomain, or IP address, and/or a combination thereof, of a device connected to the Internet or internal network. An asset may include, but is not limited to, web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.x.
  • The Attack Surface is, from the network perspective of an adversary, the complete asset inventory of an organisation, including all actively listening services (open ports) on each asset.




sand

Attempting to Recreate the Magic of the Love N’ Haight Sandwich at Home

The closure of the San Francisco vegetarian sandwich staple is forcing long-time patrons to try and make them at home.





sand

New U-Pass Plus with Metra popular with UIC students; Thousands sign up for joint Metra/CTA fare product

More than 4,100 University of Illinois Chicago students have signed up to receive the new U-Pass + Metra, a pass that gives them unlimited rides on Metra and the CTA for a reduced fare price under a one-year pilot program.




sand

How the burrito became a sandwich (Classic)

A sandwich is generally defined as something delicious slapped between two slices of bread. New York tax code would beg to differ.





sand

Cassandra Lewis on her debut album, 'Lost in a Dream'

The Nashville-based singer-songwriter sought inspiration from Dorothy's journey in The Wizard of Oz.





sand

University of Toronto scientists solve puzzle of converting CO₂ emissions to fuel - Saving the planet from climate change with a grain of sand

Toronto, ON – Every year, humans advance climate change and global warming – and quite likely our own eventual extinction – by injecting about 30 billion tonnes of carbon dioxide (CO₂) into the atmosphere. A team of scientists from the University of Toronto (U of T) […]




sand

Research shows that reported oil sands emissions greatly underestimated

TORONTO, ON – A new comprehensive modeling assessment of contamination in the Athabasca Oil Sands Region indicates that officially reported emissions of certain hazardous air pollutants have been greatly underestimated. The results of the assessment, which was carried out by University of Toronto Scarborough Environmental Chemistry professor Frank Wania and his PhD candidate Abha Parajulee, […]




sand

Pet Stars: Scott Sanders and Noriko Rosted

In honor of National Adopt a Shelter Pet day on April 30th, we’re sharing two Moth stories all about the special role pets play in our lives. This episode is hosted by the Moth’s Social Media Coordinator, Estee Daveed.

Storytellers:

Scott Sanders deals with jealousy as his dog becomes a more successful actor than he is.

Noriko Rosted must find a pet sitter for her beloved cat before her trip to Italy.




sand

They Say It’s Your Birthday: Sheila Cavanaugh and Sandra Kwawu

On this episode, stories all about birthdays - and the importance we place on them. This episode is hosted by Kate Tellers.

Storytellers:

Sheila Cavanaugh accidentally steals someone else’s birthday.

Sandra Kwawu finds comfort in a celebration with her friends and family.




sand

IDEO’s CEO, Sandy Speicher, Asks: What Is an Office Even For Now?

Speicher explains how design thinking can help guide us to new ways of collaborating as we rethink work and the workplace in a post-Covid world.




sand

Sandvik Coromant Supports Future Leaders of Manufacturing at NAIT Awards Ceremony

Sandvik Coromant recently participated in the annual awards ceremony at the Northern Alberta Institute of Technology (NAIT).




sand

Episode 179: Cassandra with Jonathan Ellis

Cassandra is a distributed, scalable non-relational data store influenced by the Google BigTable project and many of the distributed systems techniques pioneered by the Amazon Dynamo paper.




sand

Episode 406: Torin Sandall on Distributed Policy Enforcement

Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance. Host Justin Beyer spoke with Sandall about the benefits of removing authorization logic from your application...




sand

Pound sand

If someone tells you to pound sand, they are telling you to get lost.




sand

Best practice in hard times: How to safeguard the hundreds and thousands of substations

Like it or not, hard times are in front of us, by all means. I won’t deal with the hard times now, but instead, I’ll shortly say that it’s all about the energy resources and who owns them. It’s also not...





sand

ProAmpac Unveils Fiber-Based Fresh Sandwich Packaging

Designed for sandwiches and wraps, this groundbreaking package introduces the concept of modified atmosphere packaging to a fiber-based format.




sand

Semipalmated Sandpiper with reflection...IM8A7304CR3AT

dklaughman has added a photo to the pool:

At Bombay Hook NWR, Delaware.




sand

Delaware’s Sandhill Cranes...IM8A7583AT

dklaughman has added a photo to the pool:

Celebrity Sandhill Cranes at Bombay Hook NWR, Delaware. They arrived a few years ago and made BHNWR their permanent residence. No offspring yet.





sand

Sandesh Rao on AIOps, Autonomous Database, and Developer Productivity

Jim Grisanzio talks with Sandesh Rao about Artificial Intelligence and Machine Learning, the latest technologies from Oracle in the AIOps space, how Sandesh manages teams, how he deals with change, and how industry trends are changing everything.

Podcast Host: Jim Grisanzio, Oracle Developer Relations
https://twitter.com/jimgris
https://developer.oracle.com/team/ 




sand

Sandesh Rao and Sai Penumuru on the Community and Technologies at Sangam 2019

From the Archives | December 2019 | Sangam 19, Hyderabad, India

Jim Grisanzio talks with Sandesh Rao and Sai Penumuru about the technology announcements at Sangam 2019 in Hyderabad and also the Sangam and OGYatra development community. In the discussion, Sai and Sandesh covered all the technology announcements Oracle made at the event, and all the community development activities that were taking place at the time. 

Video from the 2019 Interview
https://youtu.be/xvIlOlK0lek 

Sai Penumuru, President, AIOUG
https://twitter.com/sai_penumuru

Sandesh Rao, VP, AIOps, Oracle
https://twitter.com/sandeshr 

All India Oracle Users Group
http://www.aioug.org/ 

Sangam 19 Conference Website
http://www.aioug.org/sangam19/ 

Images from Sangam 19
https://flic.kr/s/aHsmJYoaz3 

Podcast Host: Jim Grisanzio, Oracle Developer Relations
https://twitter.com/jimgris
https://developer.oracle.com/team/ 




sand

Preview: Oracle Developer Live — Java Innovations: Paul Sandoz

Oracle Developer Live — Java Innovations: Building the Future Today: September 14 and 16

In this conversation, Java Software Architect Paul Sandoz previews his talk at the upcoming conference Oracle Developer Live — Java Innovations. The event is on September 14 and 16 and Paul will be talking about The Vector API in JDK 17. Don't miss it! 24 speakers booked! Everyone will be there.

Register for Oracle Developer Live — Java Innovations: Building the Future Today: September 14 and 16

Paul Sandoz, Java Software Architect, Oracle
https://twitter.com/PaulSandoz

Podcast Host: Jim Grisanzio, Oracle Developer Relations
https://twitter.com/jimgris
https://developer.oracle.com/team/ 




sand

Sander Mak on Streamlining Large-Scale Java Development

JavaOne 2022 Speaker Preview

In this conversation Oracle's Jim Grisanzio talks with JavaOne 2022 speaker Sander Mak from The Netherlands.

Sander is a Java Champion, an author, and an engineer at Picnic. In this conversation he previews his upcoming session at JavaOne — Streamlining Large-Scale Java Development Using Error Prone. He also talks about the Java community and his experiences becoming a developer. 

JavaOne 2022 October 17-20 in Las Vegas

Sander Mak, Java Champion, Author, Developer at Picnic 

Java Development and Community

Duke's Corner Podcast Host

  • Jim Grisanzio, Oracle Java Developer Relations, @jimgris




sand

Episode 107 - Interview with Dan Sanders

In a personal interview with Dr. Linda Livingstone, Dan Sanders, President of Albertsons (Southern California Division) describes his career path, the process of turnarounds, and gives advice to new MBA students.




sand

Episode 108 - Dan Sanders Presentation - Part 1

Dan Sanders, President of Albertsons (Southern California Division), talks about his leadership lessons and experiences learned from his career path. (Part 1 of 2)




sand

Episode 109 - Dan Sanders Presentation - Part 2

Dan Sanders, President of Albertsons (Southern California Division), sits down for an interview with Dr. Linda Livingstone, Dean of the Graziadio School of Business and Management. Dan also answers various questions from audience members. (Part 2 of 2)




sand

Watch: Sen. Bernie Sanders declares on CNN: ‘If Trump wins, the struggle—the global struggle—against climate change is over’

Sen. Sanders: “If Trump wins, the struggle—the global struggle—against climate change is over. Because if the largest economy in the world, the United States, pulls back, so will China, so will Europe.”




sand

Mag: ‘Trump Wins, Planet Loses’ – Morano heads to UN’s COP29 in Azerbaijan – Gore depressed – Bernie Sanders: ‘Struggle against climate change is over’

Climate Depot note: I will be on the ground again this year attending the UN climate summit COP29 in Azerbaijan. Morano will be there for the week of November 10th through 15 in Baku, following the UN’s every effort to squelch your freedom and continue the dark path of net-zero rationing of energy, food, freedom of […]




sand

Got a pre-holiday hankering? Orlando’s got serious Thanksgiving sandwich game

With Pom Pom’s Mama Ling Ling off our cravings menu for good, it’s time to review some of Orlando’s best options for a classic “leftover sando.”




sand

U4SSC - City Snapshot - Kristiansand, Norway





sand

U4SSC - Verification report - Kristiansand, Norway





sand

U4SSC - City Snapshot - Sande, Norway





sand

Coffee, sandwiches, underwear, beer: a day in the life of Japan's konbini





sand

Four Chinese cyclists go out for food and end up bringing traffic to a standstill

They decided to cycle the 50 km between Zhengzhou and Kaifeng, and their adventure turned into a viral challenge that has caused no small number of traffic problems.




sand

The future that neither Sandra Gago nor Ana Boyer wants for their children: "It's a very high price and you have to sacrifice a lot"




sand

Almeida's budget, at 6,277 million, to begin the capital's metamorphosis: from the A-5 to the Castellana, by way of the M-30... or the future boulevard on Calle Alcalá

The City Council will allocate 1,130 million euros to social spending and make its largest investment since 2008.




sand

Discovering El Paular (by way of El Purgatorio)

Enjoy nature and seek forgiveness, or not, in the magical surroundings of the old monastery in the Sierra that was once inhabited by Carthusians.




sand

Sandra Daza (Gesvalt): "Housing can cost whatever it costs, but if you have no capacity to save you will never be able to get a home"

Gesvalt's managing director celebrates the company's 30 years, during which it has been a privileged first-hand witness to the evolution of the country's property market. With that perspective, one thing is clear to her: "We are not in a bubble scenario at all"




sand

Tense moment during Sandra Golpe's news broadcast as an intruder threatens her: "Don't touch me!"

During Sandra Golpe's live broadcast from Aldaia, one of the areas hardest hit by the DANA, a man stepped in front of the camera shouting slogans against Pedro Sánchez and Carlos Mazón, forcing the presenter to stop for a few moments.




sand

Jorge Javier Vázquez breaks down and brings Gran Hermano to a halt: "You feel very ridiculous working with everything that is happening"

Gran Hermano is not news, it is entertainment, but last night, for a few minutes, the reality show broke its own rules and decided to tell the contestants about the DANA tragedy. Jorge Javier Vázquez could not hold back; nobody could.




sand

Proposed federal pay adjustment could boost wages for thousands of blue-collar feds

About 15,000 blue-collar federal employees could see as much as 12% federal pay boosts, once the Office of Personnel Management’s regulations become final.





sand

Thousands of jobs to go at German car parts maker Schaeffler





sand

Cargolux, Sandweiler LUXEMBURG Luxembourg

Cargolux Airlines Has Proved Its Qualities Once More In The Extremely Volatile Environment Of The International Air Cargo Indust... Stefan Stefansson, Sandweiler, LUXEMBURG, Luxembourg





sand

Bituminous sands of northern Alberta Township 92 ranges 9.10 and E1/2 11 Township 93 ranges 9.10 and E1/2 11

Re-release; Canada Mines Branch. 636, 1925, 1 sheet, https://doi.org/10.4095/307817




sand

Bernie Sanders tests positive for COVID-19 amid nationwide spike

Sen. Bernie Sanders (I-VT) revealed Thursday that he contracted COVID-19 during the Senate's holiday break amid an increase in infections nationwide.




sand

As Musk seeks to launch tens of thousands of Starlink satellites, space researchers urge caution

Starlink satellites burn up in Earth's atmosphere after five years. Some researchers worry this injection of metals in the upper atmosphere could be damaging.




sand

Thousand Oaks nursing home resident arrested on suspicion of killing his roommate

A resident of a nursing home in Thousand Oaks was arrested after his roommate was found dead early Friday morning, the Ventura County Sheriff's Office said.




sand

The bombs exploding in Ukraine reverberate in Spokane, where tens of thousands of Ukrainian and Russian refugees now live

Alexander Kulabukhov is up at 5 am on Feb. 24, jolted awake by the explosions in his neighborhood…


