The ethical issues that exist around the wake of discovered security vulnerabilities are vast and murky. Far too often, the conversation about how and when to disclose security weaknesses shifts from a dialogue to a one-way monologue. What's a security leader to do?
To keep pace with the ever-evolving security industry, ASIS International released an update to the Protection of Assets (POA) reference set. Refreshed to reflect our changing times and keep security professionals on the leading edge of best practices in the field, this collection is to assist security management directors and professionals responsible for corporate asset protection.
A web server hosting the domain for a local government in the United States was recently breached by advanced hackers taking advantage of old vulnerabilities in firewalls sold by Fortinet, according to an FBI Flash Alert issued. After gaining access to the local government organization's server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones.
Streaming - and really all content creators and consumers - would not have accelerated as it did without that much-needed bandwidth. In much the same way, we see the idea of Zero Trust Network Security, introduced more than a decade ago, needing its own boost for more widespread adoption. That help has arrived in the form of Secure Access Service Edge (SASE), the ideal framework for Zero Trust.
Barak Tawily, Chief Technology Officer and Co-Founder of Enso Security, argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security. Here, we talk to Tawily about AppSec and why enterprise security should be concerned with AppSec.
App security is too important to be an afterthought. With the threats facing modern web applications, organizations need to find a new way to ensure protection without impeding innovation. To move forward, security and DevOps will need to work together to solve the challenges they face—in terms of both security and organizational politics.
The Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector.
Proofpoint, Inc. and Ponemon Institute released the results of a new study on “The Cost of Cloud Compromise and Shadow IT.” The average cost of cloud account compromises reached $6.2 million over a 12-month period, according to over 600 IT and IT security professionals in the U.S. In addition, 68% of these survey respondents believe cloud account takeovers present a significant security risk to their organizations, with more than half indicating the frequency and severity of cloud account compromises has increased over the last 12 months.
With the Colonial Pipeline ransomware attacks that caused widespread East Coast fuel shortages still fresh in our minds, new WhiteHat Security research has found that application specific attacks are equally, if not more, likely than ransomware attacks.
ThycoticCentrify announced new research that reveals more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months. In 85% of the privileged credential theft instances, cybercriminals were able to access critical systems and/or data. In addition, two-thirds (66%) of insider threats led to abuse of administrative privileges to illegitimately access critical systems and/or data.
RSS
