Warning: Drop everything and patch all the Windows things now. That's the alert being sounded by security researchers in the wake of attackers adopting Equation Group attack tools designed to exploit an SMB flaw and install DoublePulsar backdoor.
Leading the latest version of the ISMG Security Report: A tale of how a dedicated manager spent her weekends monitoring video of ATMs led to the capture of a criminal skimmer. Also, the growing sophistication of cybercriminals.
The recent fix for a zero-day flaw in Microsoft Office appeared more than five months after Microsoft was privately alerted to the flaw, and followed months of it being exploited via in-the-wild attacks. Can Microsoft do better?
Today's enterprises support an assortment of end-user devices, including laptops and desktops (both PCs and Macs), tablets and hybrid devices, and, of course, smartphones. Not only do employees
use a variety of form factors, but they run a variety of platforms on those devices, including:
Apple iOS and Apple...
WikiLeaks has released a second batch of CIA attack tools, dubbed Dark Matter, which includes malware designed to exploit Mac OS X and iOS devices. But Apple contends the attacks target vulnerabilities in its software that have long been patched, so users are not at risk.
Canadian authorities narrowly escaped a data breach by stopping an intrusion at the country's statistics agency. The cyberattack used a zero-day vulnerability in Apache Struts 2, which has now been patched.
A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.
CA Technologies has announced plans to snap up application security testing vendor Veracode for $614 million cash, to offer SaaS-based application security testing. The move signals that secure coding - and agile-inflected DevOps - is hot. But will it come in time to secure the internet of things?
The present government's move to demonetize currency has given an increased impetus to cashless and electronic transactions in the country. With digitization occurring across all spheres of life,
the common citizen is being increasingly incentivized to go digital with their financial transactions, which can...
With the current demonetization move and the emphasis on cashless transactions in India, the chances of cyber risk to the payments infrastructure are higher ever before. What then will be India's
stance going forward and how do business and practitioners need to respond to this risk? country like India and what are...
The cost upsides of writing code that's as free from bugs as possible has long been known, says Veracode's Chris Wysopal, but bugs continue to plague production code. Thanks to the rise of agile programming, however, there are new opportunities to eradicate flaws during development.
For too long, ensuring that code is securely written - and bug free - has been a business afterthought. But there's been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode.
Based on the past year, Forrester outlines important recommendations for your security strategy for the coming 12 months. The recommendations are based on thousands of client inquiries and interactions, consulting engagements, and dozens of primary research interviews with
CISOs, security vendors, and major security...
The exploitation of known, but unmitigated, vulnerabilities is the primary method of compromise for most threats since attackers are able to easily and cost-effectively leverage existing vulnerabilities for effective and profitable outcomes. It's time to align your vulnerability management priorities with the biggest...