Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
04/30/2024
Change Healthcare, compromised by stolen credentials, did not have MFA turned on
“This underscores pure negligence on the part of UnitedHealth,” Tom Kellerman, SVP of cyber strategy at Contrast Security, said via email. “Negligence in cybersecurity led to systemic breaches across the U.S. healthcare industry. The long-term effects of this massive breach will be felt for years to come.”
[The story also ran in Healthcare Dive.]
04/29/2024
Cyber Spies Hit Cisco Firewalls in Zero-Day Exploits
Tom Kellermann, Contrast Security senior vice president of cyber strategy, said that cybersecurity companies are “increasingly targeted by nation states for the purposes of island hopping.” He said it’s important to “remember that all cybersecurity companies develop software and in many cases they are not rigorous with their DevSecOps. This has been a banner year for zero days and thus runtime security must be implemented to mitigate the exposure.”
04/25/2024
5 ways Runtime Security cuts through exploding software complexity
Software complexity is exploding. Modern applications and application programming interfaces (APIs) comprise hundreds of repositories, frameworks, components, platforms, containers, services and connections. The rapidly increasing use of third-party, open-source libraries and AI-generated code is aggravating the challenge.
04/24/2024
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
04/24/2024
People on the Move
04/23/2024
State-Sponsored Russian Hackers Linked to Breach of Texas Water Treatment Plant
Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.
04/23/2024
Contrast Security Welcomes Shay Mowlem as Chief Marketing Officer to Drive Global Expansion
Contrast Security announces the appointment of Shay Mowlem as Chief Marketing Officer (CMO), tasked with leading the company's global marketing endeavors. With a focus on Contrast's groundbreaking Runtime Security platform, Mowlem brings a wealth of experience from esteemed enterprise software companies, setting the stage for heightened strategic direction and accelerated growth.
04/23/2024
Leveraging AI to Bolster Cloud Security for APIs and Microservices
Runtime Application Self-Protection (RASP): Employing Runtime Application Self-Protection (RASP) solutions like Contrast Security or Veracode involves embedding security policies into API runtime environments to enforce measures against common threats like injection attacks and data exposure.
04/18/2024
OWASP looks to future-proof SBOMs with CycloneDX 1.6
The foundation is upgrading the standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.
04/12/2024
ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
Gender and ethnicity gaps persist, but female executives and middle managers earned more on average than male counterparts, according to the survey.
04/11/2024
How MSSPs, MSPs Can Help Defend the Water Supply
It’s hard to imagine a cyberattack on critical infrastructure target any more disastrous and cruel than to a source of drinking water. Yet, the White House says there is now evidence that state-sponsored threat actors are doing just that.
04/11/2024
Will There Ever Be a Solution to Zero-Day Exploits? Expert Analysis
Pushed by the rapid acceleration and abundance of new software, updates, and apps being released, the software development sector is leaving wide security gaps and weak points across architectures.