Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises. Dan Fitzgerald, a CISO at the consultancy McKinsey & Co., shares insights on how to make these transitions.
The latest edition of the ISMG Security Report assesses the legacy of WannaCry ransomware two years on. Also featured: the evolving role of healthcare CISOs; threat mitigation recommendations based on the 2019 Verizon Data Breach Investigations Report.
Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.
Salesforce says it has nearly recovered from a botched database update that wiped out user permissions within its Pardot marketing management product on Friday. The error allowed Salesforce users access to previously restricted profiles.
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating "critical" and "high" software vulnerabilities. Security experts say this change is long overdue. But does it go far enough?
Do you know how attackers can move once they're inside your network? The access footprint changes constantly as users log on and off, restart systems, change roles, and access resources. Until now, these conditions have only been visible when skilled analysts inspect individual systems. Attack Surface Manager reveals...
Every organization has systems that can't be secured well enough - perhaps because they can't be patched in a timely manner, can't provide data for monitoring, or aren't compatible with standard security tools. When unsecurable systems support mission-critical processes or hold valuable data, cyberattackers are adept...
During periods of rapid growth, your business is especially vulnerable to cyberattacks from both malicious insiders, and external threat actors. Extended periods of IT change and consolidation can open seemingly minor security gaps that can quickly become gaping holes attackers will exploit. This quick read will...
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.
Changes in development models, architecture designs, and the infrastructure where we run applications over the past 5-10 years have made modern applications look nothing like they did a decade ago. So why are most companies still using legacy web application firewall (WAF) defenses that were not built for modern web...
By adopting DevSecOps practices, security is finding itself adding significant value to organizations, helping them move faster and safer by working with development and operations teams. Yet according to the SANS 2018 survey, Secure DevOps: Fact or Fiction?, adoption is still in its infancy, and most organizations...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
