Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is titled "Recognize Their Attacks."
SonarSource has raised $412 million on a $4.7 billion valuation to establish a physical presence in Asia and increase its wallet share with existing customers. The company wants to open an office in Singapore and pursue opportunities in China, South Korea, Taiwan, Singapore, Japan and Australia.
In light of research saying 41% of organizations had an API security incident in the last year and 63% of the incidents involved a data breach or loss, Filip Verloy of Noname Security discusses how tighter integration of API security testing and other "shift left" strategies can mitigate breaches.
Australian software firm Atlassian has issued fixes for a critically rated vulnerability in its Jira software that could allow an unauthenticated attacker to remotely bypass authentication protections in place. Both Jira and Jira Service Management are vulnerable to this bug.
Gartner heaped praise on Synopsys for having the most complete vision and strongest execution ability around application security testing, while Checkmarx took the silver. Veracode was awarded bronze for its execution ability, while HCL Software took the bronze for completeness of vision.
A week after Microsoft announced the Windows Autopatch feature and declared that, come July, the tradition of Patch Tuesday will end, it's Patch Tuesday again, and the company has issued more than 100 security fixes for software that resolve critical issues, including two zero-day vulnerabilities.
Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its software every second Tuesday of every month since 2016, Microsoft says it is now set to roll out automatic updates. Some security experts weigh in.
A week after the Spring4shell vulnerability was first detected, security companies Microsoft, Check Point and Akamai have identified exploitation attempts, and Trend Micro has confirmed the first successful attempt - the Mirai botnet leveraging CVE-2022-22965 for its malicious operations.
In the latest weekly update, four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million, and the much-anticipated return to in-person events.
Two serious remote-code-execution vulnerabilities have been discovered in VMware's widely used Spring, which is a platform for building online applications. With at least one of the vulnerabilities already being actively exploited, VMware urges immediate patching.
As Finnish technology giant Nokia announces it is ceasing sales in Russia over the war with Ukraine, the company is facing tough questions over how it helped enable a mass surveillance program that supports President Vladimir Putin's autocratic regime.
Sophos says it has provided a fix to a critical RCE bug known to be actively exploited primarily in South Asia. Sophos says no customer action is needed if the "Allow automatic installation of hotfixes" feature is enabled, but versions close to their end of life need manual configuration.
Days after the recent Okta data breach, parts of a security report, allegedly created by Mandiant, were leaked, giving the breach timeline and how the threat group gained access to Okta's environment. Security experts, including an Okta customer, discuss the report, supply chain risks and redress.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses killware - "a hack of critical services and or infrastructure that can lead to the loss of life" - and asks: "Why should the power grid - or hospitals, water treatment plants or your pacemaker - be internet-accessible?
Google's threat analysis team has detected a new remote code execution flaw leveraged by North Korean nation-state attackers targeting cryptocurrency, fintech and other industries. Although not named in the report, there appears to be a link to the notorious Lazarus cybercrime group.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.