January 2024 Newsletter

January 14, 2025

January Newsletter

Happy New Year from all of us at Pomerium!
We wish you a safe and secure 2025.

Table of Contents

  • About the Name: Pomerium

  • Product Deep Dives: LLM WebUI, Kubectl Integration, and more!

  • How Pomerium Supports FedRAMP Compliance

  • December 2024 Security Breaches  

  • What Makes a Secure Password?


About the Name: Pomerium

Ancient Rome and Its Connections to Zero Trust

The name Pomerium was a deliberate decision to align the company’s mission with a concept that’s both historically significant and deeply relevant to the challenges of modern cybersecurity. 

According to legend, when Romulus founded Rome around 750 BC, he dug a trench around the city’s foundations to mark its sacred boundary. This trench, called the pomerium, wasn’t a physical wall but rather an invisible line that separated the “safe” interior of the city from the potentially “dangerous” outside world.

The pomerium’s historical role as a boundary aligns closely with the principles of Zero Trust architecture, which is at the heart of our product. Zero Trust challenges the outdated notion of “trusted” internal networks and “untrusted” external networks. Instead, it treats every access request as untrusted until verified, ensuring that trust is earned through continuous validation.


Product Deep Dives

Stay updated on Pomerium's capabilities!

Complete a seamless setup, and secure sensitive, self-hosted AI tools without compromising on usability or flexibility. 

This guide covers:

  • 💡 Why you should use Open WebUI and Pomerium

  • ⚙️ How to configure Pomerium Zero

  • 🛠️ How to create role-based access policies, enable WebSockets, preserve host headers, and pass identity

Use Pomerium's Kubectl Integration

(3 minute tutorial)

Simplify Kubernetes access while improving your security posture!

Check for authorization factors without heavy agents or sending traffic outside your infrastructure.

Pomerium and FedRAMP Compliance

No, Pomerium does NOT need to be FedRAMP Compliant

Yes, Pomerium can still help you achieve specific requirements

Read the blog to:

  • 🔍 Understand FedRAMP Requirements

  • 💡 Discover What Pomerium Provides

  • 🚀 Upshift your security posture with a secure, self-hosted solution

You can also find a handy table that organizes how Pomerium addresses particular sections of FedRAMP!


December 2024 Security Breaches

🎄🎁 🥂

According to Verified Market Research, the Incident Response Market is projected to quadruple in size by 2030, highlighting the growing cybersecurity risks and threats.

Fingers crossed that companies will work to prevent breaches before they happen, that the number of such headlines will decrease this new year, and that customers will not have to shoulder the burden of paying for these data breaches.

Here's a preview of some breaches that were covered in December.

Meta fined $263M over 2018 security breach that affected ~3M EU users | TechCrunch

Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the company disclosed back in September 2018. Between September 14 and September 28, 2018, the watchdog said unauthorized people used scripts to exploit a vulnerability to log in to approximately 29 million Facebook accounts globally, around 3 million of which were based in the EU/European Economic Area.

US hospital operator Ascension says 5.6 million affected in medical data breach in May

Hospital operator Ascension told Maine's state attorney general on Friday that nearly 5.6 million people were affected in a ransomware attack that hit it earlier this year. In a letter to the attorney general, Ascension's lawyer said the incident happened on May 7 and 8 and blamed it on a "cybercriminal", whom the company did not identify. 

Crypto Exchange DMM Bitcoin Collapses After $320 Million Security Breach | Analytics Insight

Japan's crypto exchange, DMM Bitcoin, announced liquidation, citing recovery issues following a hack of $320 million in Bitcoin in May 2024. The DMM Bitcoin hack led to a leak of over 4,500 BTC without permission, with the price being $96,264 per coin. In a bid to safeguard users' funds and maintain operations, DMM Bitcoin has agreed to an asset transfer deal with SBI VC Trade, a subsidiary of the SBI Group. All customer assets, including crypto and fiat currency deposits, are expected to be transferred by March 2025.

Hackers Claim to Have Stolen 17 Million Patient Records from PIH Health | The HIPAA Journal

The hacking group behind the ransomware attack on the Californian healthcare provider PIH Health on December 1, 2024, claims to have exfiltrated a huge amount of sensitive data before encrypting files. If the hackers are to be believed, they exfiltrated 17 million patient records, data for more than 8.1 million “medical episodes”.

US Treasury reports breach by Chinese hackers in 'major incident' | The National

The US Treasury Department was breached by Chinese state-sponsored hackers, who gained access to unclassified documents, in what the organization called a “major cyber security incident”, according to a letter sent to the Congress on Monday. The Treasury said a third-party software provider, BeyondTrust, had notified it of the breach. The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users”.


What is a Secure Password?

Common Pitfalls and 5 Must-Dos When Creating a Password

Passwords are like the locks on your digital front doors, but many of us are still putting flimsy padlocks on million-dollar safes. Attackers know this, and they exploit predictable patterns, laziness, and outdated ideas of what “secure” really means to breach our data.

Quick Preview:

How do attackers take advantage of common password pitfalls?

  1. Dictionary Attacks: Attackers try out a list of commonly used passwords, like “123456” or “qwerty.” Sadly, millions of accounts are still vulnerable to this.

  2. Credential Stuffing: Reused passwords make it easy for attackers. One leak from a hacked service can give them keys to your other accounts.

  3. Pattern Recognition: Human brains love patterns. Dates, names, or “password2024” feel familiar—but they’re painfully predictable to a hacker—especially when they’ve already figured out one of your passwords.

  4. Short Length: A short password (even a complex one) takes minutes to crack with modern tools that allow hackers to attempt thousands of passwords a minute.

Read our blog post for more on how to create a better password!


We're hiring! Share your experience with us at jobs@pomerium.com.


Let us know how you’re using Pomerium at media@pomerium.com for free swag! We love hearing about how our users are securing their infrastructure and accelerating their deployments with Pomerium, and we want to share those stories with our community.


Have questions or need assistance? 
Feel free to reach out on our Discuss forums!

Want to see what other people are saying about Pomerium?

Check out ExtraHop's review here, or read our Customer Stories!
