The SolarWinds attack has cybersecurity leaders everywhere taking a hard look at third-party risk. But it’s one thing to have a fresh strategy and quite another to actually start holding vendors accountable for their own security. Jonathan Swanson of CyberGRX offers advice.
There has been a spike in web shells being detected as ransomware gangs and other attackers increasingly target vulnerable on-premises Microsoft Exchange servers following publication of proof-of-concept attack code for ProxyLogon, which is one of four zero-day flaws patched by Microsoft in early March.
A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with criminal hacking by a U.S. federal grand jury and accused of illegally accessing and leaking data from numerous organizations, apparently including Intel, Nissan and the U.S. National Reconnaissance Office.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
While modern, multi-tiered DX applications bring agility and innovative capabilities, their complexity makes monitoring and securing them difficult, if not impossible, with current network visibility tools. This puts the success of these applications in particular - and digital transformation projects in general - at...
The pace of digital transformation has reached a speed never before seen, forcing organizations into an “adapt or die” situation. Software is at the center of it all, placing increased pressure on DevOps leaders, AppSec managers, and developers to develop and deploy software faster to keep their organizations...
U.S. public schools faced a record number of cyber incidents in 2020, with over 400 attacks reported. This led to a spike in school cancellations, as IT staff members struggled to get systems back online while dealing with the COVID-19 pandemic, reports the K-12 Cybersecurity Resource Center.
The latest edition of the ISMG Security Report features cybercrime deterrence lessons learned from the disruption of the Emotet botnet operation. Also featured: An update on attacks tied to Microsoft Exchange flaw exploits; a discussion of the need to update business continuity plans.
Modern application design and the continued adoption of DevSecOps are expanding the
scope of the AST market. Security and risk management leaders will need to meet tighter
deadlines and test more complex applications by seamlessly integrating and automating AST
in the software delivery life cycle.
Application security testing is common, but technology changes such as containers, APIs and open source challenge existing toolsets. Security and risk management leaders must evaluate current capabilities and product roadmaps to ensure tools will contribute value in an evolving business environment.
Traditionally, software development training falls short on security. And as enterprises embrace the “shift left” movement, that gap puts them at risk. Veracode’s Dave Ferguson discusses the gap and how Veracode’s new Security Labs was developed to fill it.
It’s time to build security in from the start of the SDLC to better manage,
measure, and address risk, empower development teams, and
guarantee secure software delivery at the speed of DevOps.
While financial service organizations are under constant attack from adversaries, there
are specific steps they can...
Public sector organisations worldwide face a
daunting set of challenges as society adjusts to
the current COVID-19 environment. Whether it is
local government, healthcare, law enforcement,
or blue light responders, organisations across all
disciplines that previously depended on in-person
processes have been...
With millions of sports fans to cater to, DAZN
has secure applications high on its agenda. Security comes from the top (their
c-suite) and rolls down to their software developers who understand the value of
a secure application. Application Security Testing (AST) solutions are imperative to
DAZN, so they deliver...
Just days after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, some security experts say. The flaws could be exploited for creating backdoors for email accounts or installing ransomware and cryptominers.