Every organization has its own combination of cyber risks, including endpoints, internet-connected devices, apps, employees, third-party vendors, and more. Year after year, the risks continue to grow more complex and new threats emerge as threat actors become more sophisticated and…
The impact of automating open source dependency management
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping their dependencies up-to-date was very time-consuming but something…
Palo Alto Networks Extends SASE Reach to Unmanaged Devices
Prisma SASE 3.0 promises to make it simpler and faster to apply zero-trust policies. The post Palo Alto Networks Extends SASE Reach to Unmanaged Devices appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
Code faster with generative AI, but beware the risks when you do
Software developers can achieve significant productivity gains with GenAI-powered coding help, but these may come with baggage. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Code faster with generative AI, but beware…
UnitedHealth data breach should be a wake-up call for the UK and NHS
The ransomware attack that has engulfed U.S. health insurance giant UnitedHealth Group and its tech subsidiary Change Healthcare is a data privacy nightmare for millions of U.S. patients, with CEO Andrew Witty confirming this week that it may impact as…
My TED Talks
I have spoken at several TED conferences over the years. TEDxPSU 2010: “Reconceptualizing Security” TEDxCambridge 2013: “The Battle for Power on the Internet” TEDMed 2016: “Who Controls Your Medical Data?” I’m putting this here because I want all three links…
Proactive, Responsible Disclosure Is One Crucial Way Fortinet Strengthens Customer Security
The cybersecurity industry continues to grow and mature. As a part of this process, we must collectively raise the topic of—and discuss the need for—ethical rules for handling the disclosure of vulnerabilities, especially given the many benefits of providing such…
“Dirty Stream” Attack Affects Popular Android Apps
A vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app’s home directory, potentially leading to code execution and unauthorized access to user data. This article has…
Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report
Microsoft security chief Charlie Bell pledges significant reforms and a strategic shift to prioritize security above all other product features. The post Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report appeared first on SecurityWeek. This article has been indexed from…
Hackers Claim Biggest Attack On UAE in History
The United Arab Emirates government was the target of a significant data breach attack that has the cybersecurity industry on edge. The attacker, who goes by the username “UAE,” has not been recognized. Unless a ransom of 150 bitcoins (about…
Cyber Criminal Sentenced for Targeting Therapy Patients
In a recent legal case that has shaken Finland, cyber offender Julius Kivimäki, known online as Zeekill, has been sentenced to six years and three months behind bars for his involvement in a sophisticated cybercrime operation. The case revolves around…
Industrial Cyberattackers Reverting to USB Tactics, Says Honeywell Report
In a surprising turn of events, the use of removable media, particularly USB devices, has resurged as a favoured tactic among industrial cyber attackers. Honeywell’s recently released “2024 USB Threat Report” sheds light on this concerning trend, emphasizing its…
It may take decade to shore up software supply chain security, says infosec CEO
Sure, we’re waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities.…
More Than Two Dozen Android Vulnerabilities Fixed
Xiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access. This article has been indexed from…
GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability. The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard. This article has been…
U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems
The U.K.’s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022. This article has been indexed from Security | TechRepublic Read the original article: U.K., U.S. and…
Top 5 Global Cyber Security Trends of 2023, According to Google Report
According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023. This article has been indexed from Security |…
North Korean Hackers Spoofing Journalist Emails to Spy on Experts
North Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs. This article has been indexed from Cyware News – Latest…
The U.S. House Version of KOSA: Still a Censorship Bill
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> A companion bill to the Kids Online Safety Act (KOSA) was introduced in the House last month. Despite minor changes, it suffers from the same fundamental flaws…
How Are APAC Tech Salaries Faring in 2024?
The year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years. This article has been indexed…
Proactive Responsible Disclosure is One Crucial Way Fortinet Strengthens Customer Security
The cybersecurity industry continues to grow and mature. As a part of this process, we must collectively raise the topic of—and discuss the need for—ethical rules for handling the disclosure of vulnerabilities, especially given the many benefits of providing such…
US Says North Korean Hackers Exploiting Weak DMARC Settings
The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek. This article has been indexed from…
LayerX Raises $26 Million for Browser Security Platform
Israeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies. The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek. This article has been indexed…
Understanding the Link Between API Exposure and Vulnerability Risks
In a digital+ world, there is no escaping “vulnerabilities.” As software development grows more complex and APIs become more central to new software architectures, vulnerabilities can stem from various sources, whether it’s an issue within open-source components or a mistake…