On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform. The so-called cybersecurity law actually speaks little about IT security measures.
Open source components help developers build and deploy applications faster, but with increased speed comes greater risk. Maria Loughlin of Veracode describes how to reduce those risks through several steps, including component inventories and developer education.
Application threat modeling enables the systematic evaluation of applications from an attacker's point of view, says Fouad Khalil of SecurityScorecard.
Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority. Meanwhile, a private equity firm announced that it will acquire application security testing firm Veracode from Broadcom for $950 million in cash.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
Check Point says it has found three ways to falsify messages in WhatsApp, which it claims could be employed by scammers and used to spread fake news. WhatsApp acknowledges the findings, but it will not engineer patches.
Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.
Application control remains one of the best techniques for blocking the vast majority of malware threats; however, implementation often falters due to poor planning.
Every application should be protected the same way no matter where it resides, rather than focusing on a "perimeter" approach, says Doug Copley of Duo Security, who describes a "zero trust" approach.
Open source software components may be free, but that doesn't automatically make them safe to use. "There can be risks involved," says Steve Giguere, of Synopsys, who says these risks are often compounded by the pressure to deliver goods to market quickly and with new features.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.