Skip to main content

Welcome to the fifth edition of Tech Talk! This week, we’re covering some of the latest and most critical cybersecurity issues and updates:

Using Content Delivery Networks Safely
Learn how to use content delivery networks (CDNs) safely, especially given the recent security concerns following the polyfill.io attack. Sub-Resource Integrity (SRI) plays an important role in ensuring that third-party content remains intact and secure. By using SRI, web developers can guarantee that the resources loaded from the CDN have not been tampered with, protecting websites and users from potential attacks. LINK

CDK Global Ransomware attack
A ransomware attack against CDK Global has affected the operations of 15,000 car dealers. This incident highlights the risks of relying on managed service providers for critical business functions and the challenges of recovering from such an attack. CDK Global, which provides technology and digital marketing services to the automotive industry, has struggled to restore systems and data, demonstrating the importance of robust security measures and contingency plans. LINK

Snowflake’s Historic Data Breach
Cloud computing company Snowflake has been at the center of the largest series of corporate data breaches in history. For several months, hackers have been able to steal massive amounts of data from the company’s customers, prompting extensive investigations and legal action. This breach has exposed weaknesses in cloud security and has put pressure on the company to improve its safeguards and restore customer trust. LINK

Use of Entrust Certificates
Despite regulatory compliance issues that have led Google Chrome to stop relying on Entrust certificates in November 2024, prominent institutions such as the IRS still use them. This has led to concerns about the potential implications for web security and reliability. The decision by Google underscores the importance of strict security standards for CAs and the need to maintain the highest level of compliance to ensure user security. LINK