In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
03/21/2024
Memory-safe languages and security by design: Key insights, lessons learned
Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
03/14/2024
Russia-Based SolarWinds Hackers are Actively Targeting Microsoft
The November 2023 cyberattack on Microsoft that compromised corporate email accounts isn’t over yet. Microsoft recently disclosed that the Russia-based cybercriminal group Midnight Blizzard obtained information that may be disconcerting to customers. Redmond said the Russian hackers are using the information they previously exfiltrated to compromise the company again.
03/13/2024
Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1
Here are the top security trends of the year — and what your team needs to know about them. AI, for one, has its pros and cons for your security posture.
03/08/2024
Microsoft says it hasn’t been able to shake Russian state hackers
BOSTON (AP) — Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.
03/04/2024
Experts Warn of Risks in Memory-Safe Programming Overhauls
Recent guidance published by the Office of the National Cyber Director recommends software manufacturers universally adopt memory-safe programming languages, but experts told Information Security Media Group that costly overhauls of existing software into memory-safe languages could pose new security risks.
03/01/2024
How Can You Avoid Card Skimmers?
Stay safe by knowing how credit card skimmers work and what they look like.
02/29/2024
ConnectWise ScreenConnect Vulnerabilities: What CIOs Need to Know
Two vulnerabilities in the remote desktop management software are being exploited in the wild.
02/27/2024
Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot
Or so says opsec firm, which confirms 70% of all industrial org ransomware in 2023 targeted manufacturers
02/09/2024
How to use Runtime Security to protect risks to both APIs and legacy COTS
The days when you could take your time addressing code vulnerabilities are gone.
12/21/2023
MLflow vulnerability enables remote machine learning model theft and poisoning
Patched in the latest version of MLflow, the flaw allows attackers to steal or poison sensitive training data when a developer visits a random website on the internet.
12/06/2023
What should be in a company-wide policy on low-code/no-code development
Low-code/no-code development could bridge the gulf of development backlogs that exists between great ideas and great execution of digital innovation. But not without security policies around areas like access control, code quality, and application visibility.
11/30/2023
Okta Discloses Wide-Ranging Impact of October 2023 System Breach
A popular identity management tool, Okta, has disclosed that a recent system breach had a wider impact than previously known. In the initial report of the breach in October 2023, the company stated that around 1% of its users were impacted. However, Okta has now stated that the attack impacted all its customers.