News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw in the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app reflect a vital shift occurring in cybersecurity toward protecting and hardening APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. The list is a great reference for DevOps and security teams looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.
Steven Seiden, president of Acquired Data Solutions (ADS), has been involved in “digital divide issues” for more than 20 years, and he believes broadening inclusion and diversity in the STEM literacy field is one of his purposes. An engineer by trade, Seiden has experienced a shift in the tech world over the years, watching the convergence of technology, IT and IoT and noting the ever-expanding engineering lifecycle that now includes security.
From the onset of the pandemic, Sanofi’s North America Security Operations & Technology team has worked across the enterprise to provide critical in-house applications and communications to departments and leaders and to serve on the frontlines of on-location response efforts, ensuring operational continuity as well as the safety and security of the company’s staff and assets.
Global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
Taking a project management approach to its comprehensive COVID-19 pandemic response, Boeing’s Security & Fire Protection and Health Services business units placed collaboration, communication and actionable data at the forefront to make unified, informed decisions across the enterprise.
Boeing took a project management approach to its comprehensive, unified COVID-19 pandemic response co-led by the organization’s Security & Fire Protection and Health Services business units. Putting communication and actionable data at the forefront, the organization made informed decisions to minimize operational disruption and ensure the safety of its employees including site suspensions, COVID-19 specific protocols, PPE distribution and more.
Thursday, May 6 is World Password Day, a day dedicated to promoting safer password practices. Strong password management has been especially important as cyberattacks have skyrocketed since the onset of the pandemic and the switch to remote work. Here, security executives share their insight and tips on how to create and promote safer password practices in the enterprise and among employees.
As we continue to embrace hybrid work, chief information security officers (CISOs) and compliance teams are wading through, and in some cases even overlooking, many different areas related to collaboration security. In this post, we’ve highlighted the top three areas of risk that should keep CISOs awake at night. The remote workplace continues to evolve at lightning speed, and so too should CISOs, or they risk sensitive materials ending up in the wrong hands.