Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. In the days between April 21 and April 27, the spotlight was on the arrest of a Ukrainian trafficker in stolen data, a U.S. Navy shipbuilder and incidents in Canada, India and Kenya.
Two experts from HackerOne - Marten Mickos, CEO, and Alex Rice, CTO and co-founder - provide insights on the similarities and differences between ethical hackers and in-house red teams, as well as the misconceptions around engaging with ethical hackers.
IT infrastructure deployed over the past four to five decades created a lot of silos. But those silos are starting to erode. Organizations began to consolidate their data, applications and infrastructure with cloud computing. For some applications, there is a need to process data closer to the source.
The midsize market encounters many cybersecurity hurdles, including the increasing volume of information that needs to be protected, the shift to hybrid cloud, and limited skilled personnel to build and implement security programs. What does the SOC look like for these organizations?
Organizations have long been using software from open-source ecosystems without fully realizing how much software they actually pull from these libraries, but the potential downstream effects of security flaws could have a major impact, said Pete Morgan, co-founder and CSO at Phylum.
A key challenge for intelligence analysts is not just finding the right data intelligence but determining how much to trust it and how to make it relevant to their organization. Flashpoint is aiding this by streamlining workflow, said Chief Product and Engineering Officer Patrick Gardner.
Changes to FedRAMP regulations will have a major impact on cloud services providers, compliance and cybersecurity controls, said Tony Bai, director, federal practice lead, at A-LIGN. Bai offers insight on navigating the U.S. government authorization requirements as well as the StateRAMP program.
The state of the software supply chain in 2023 continues to be "unacceptable," said Brian Fox, co-founder and CTO at Sonatype. Sounding alarm bells, Fox cited a Sonatype report that said organizations are using known vulnerable components in their applications 96% of the time.
Developers want to move quickly and they want security to be "a natural part" in every step of the software development life cycle. Generative AI can play a pervasive role in helping cybersecurity keep up the pace, according to Brian Roche, chief product officer at Veracode.
Every organization has a role in securing the nation and economy. Enterprises should invest in the right controls, partner with public agencies and prioritize security at the board level, advised Eric Goldstein, executive assistant director for cybersecurity of CISA.
Venture capitalist Alberto Yépez says there are opportunities to innovate in this economy. The market is self-correcting, but the demand for cyber protection has increased with the rise in cyberattacks and increased regulations, making it a top priority in terms of technology budgets, he said.
Much of the friction between CISOs and their general counsels, according to Ron Raether, partner at Troutman Pepper, is the result of ignorance. General counsels don't understand the full extent of IT and information security and often pin the blame on the CISOs, who become the scapegoats.
Hackers are attempting to infect a consumer-grade Wi-Fi router model with Mirai botnet malware following the discovery of zero-days in the device in a December hacking competition. TP-Link released a patch in mid-March. Telemetry shows infections in Eastern Europe and elsewhere.
An obscure routing protocol codified during the 1990s has come roaring back to attention after researchers found a flaw that would allow attackers to initiate massive distributed denial-of-service attacks. Researchers from Bitsight and Curesec say they found a bug in Service Location Protocol.
The transition to the cloud at a fast pace during the pandemic affects information security to this day, said Amer Deeba, co-founder and CEO, Normalyze. Cloud drove innovation but left organizations wondering where the data was going across multiple clouds and what was the best way to secure it.