Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.
Six national data protection and privacy authorities – from Australia, Canada, Gibraltar, Hong Kong SAR, China and Switzerland - have joined with the U.K. information Commissioner’s Office to issue guidance to video teleconferencing companies on privacy, calling for end-to-end encryption.
OptinMonster, a WordPress plug-in used in more than 1 million websites for sales campaign creation, was vulnerable to high-severity bugs, according to Wordfence researchers. An updated version of the plug-in has patched the flaws.
Findings from CyberTheory's 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we've seen before, says CyberTheory's director, Steve King.
You know that security is important. And whether your system is cloud native, has transitioned into the cloud with a traditional architecture, or is just starting that journey, you know that the shift into the cloud has made security more complex than ever. What’s more, security is...
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
Mobile applications have become a nearly ubiquitous offer from Financial Services organizations. While many banks employ defense in depth security protections at their perimeter, a surprising number do not shield their mobile apps from attack. Application Shielding protects banks and consumers by obfuscating code in...
Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobelium.
The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns. It says that there's also been a rise in tardy breach notifications containing little detail.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of product security, the impact of ransomware on healthcare sector entities during the pandemic and thinking about cybersecurity awareness creatively.
Apache HTTP Server users are being warned to install yet another patch, as a fix released Wednesday was incomplete and introduced a new flaw. The U.S. Cybersecurity and Infrastructure Security Agency has urged all users to update immediately, citing in-the-wild attacks exploiting Apache's software.
Nearly all financial institutions offer mobile banking services through mobile and web applications. Comprehensive security solutions protect both the IT infrastructure with perimeter-based security controls as well as protections built into the mobile and web apps themselves.
Download this eBook to...
Applications, in particular Web Applications, have become a top target for threat actors. Organizations have long relied on Web App Firewalls (WAFs) to protect themselves from common threats such as SQL injection, cross-site scripting, and remote file inclusion. In an increasing number of cases, however, protecting...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.