Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020, exploring the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems and abuse federated authentication.
When we hear the term “critical infrastructure,” we want to believe that the assets – whether they are physical or digital – are extremely secure. Our minds conjure images of the vaults of Fort Knox, which are protected from every angle. However, critical infrastructure of the digital variety is not necessarily any more secure than any other digital asset. It all comes down to how meticulous the organization is in looking for and quickly closing vulnerabilities and security gaps that expose an attack surface for a bad actor to exploit.
Menlo Security recently conducted research to find out how organizations across industries are dealing with the balance between security and user experience.
Yes, you need one. But who do you turn to? Inept ransomware negotiators have left companies in worse shape than they found them in by inciting threat actors to do even more damage. The best approach is to engage a ransomware negotiator before you’re attacked, so they can work with you to create a sound crisis response plan. What should you look for when hiring a ransomware expert to drive crisis planning and response at your enterprise?
With more Americans expected to do their holiday shopping online during the COVID-19 pandemic, US agencies and cybersecurity leaders are urging all consumers to be on alert for holiday shopping scams and cyber threats, which historically spike during the holiday season. Here, we talk to Michael Rezek, Vice President of Business Development and Cybersecurity Strategy at Accedian, about the technologies retailers need to adopt to ensure a smooth holiday shopping season, how to see the warning signs for bad actors, how to proactively manage them and what to do to prevent them in the first place.
The University of Texas at San Antonio (UTSA) launched the Cybersecurity Manufacturing Innovation Institute (CyManII), a $111 million public-private partnership. Led by UTSA, the university will enter into a five-year cooperative agreement with the U.S. Department of Energy (DOE) to lead a consortium of 59 proposed member institutions in introducing a cybersecure energy-ROI that drives American manufacturers and supply chains to further adopt secure, energy-efficient approaches, ultimately securing and sustaining the nation's leadership in global manufacturing competitiveness.
To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.
Both organizations and consumers are evolving, becoming more digital, and requiring features that align with the current environment. As businesses are transforming digitally, consumers are surrounded by a plethora of applications and are using apps more than ever in daily life. Unfortunately, companies and individuals are at greater risk than ever because applications are among the top targets for threat actors.
When it comes to running an information security program, barriers to success are predictable. Many are obvious, such as a lack of budget and minimal buy-in, but others are not so clear and it’s often the small things that add up to create real security hurdles.
RSS
