Findings from CyberTheory's 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we've seen before, says CyberTheory's director, Steve King.
Vulnerable software and applications are the leading cause of security breaches. Couple this with the fact that software is proliferating at an accelerated pace, and it’s clear why malicious actors have zeroed in on this rapidly-expanding attack surface. Software security must be a top priority going forward. Here...
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
Mobile applications have become a nearly ubiquitous offer from Financial Services organizations. While many banks employ defense in depth security protections at their perimeter, a surprising number do not shield their mobile apps from attack. Application Shielding protects banks and consumers by obfuscating code in...
Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobelium.
The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns. It says that there's also been a rise in tardy breach notifications containing little detail.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of product security, the impact of ransomware on healthcare sector entities during the pandemic and thinking about cybersecurity awareness creatively.
Apache HTTP Server users are being warned to install yet another patch, as a fix released Wednesday was incomplete and introduced a new flaw. The U.S. Cybersecurity and Infrastructure Security Agency has urged all users to update immediately, citing in-the-wild attacks exploiting Apache's software.
Applications, in particular Web Applications, have become a top target for threat actors. Organizations have long relied on Web App Firewalls (WAFs) to protect themselves from common threats such as SQL injection, cross-site scripting, and remote file inclusion. In an increasing number of cases, however, protecting...
The gaming industry incorporates user and financial data systems uncommon to other businesses. Personal account information, in-game transactions, and buyer-seller marketplaces utilizing credit cards are common elements of gaming app ecosystems. Players trust that gaming companies are protecting their personal...
Nearly all financial institutions offer mobile banking services through mobile and web applications. Comprehensive security solutions protect both the IT infrastructure with perimeter-based security controls as well as protections built into the mobile and web apps themselves.
Download this eBook to...
Who had heard of Syniverse before it recently disclosed a five-year breach, potentially exposing call-routing data and text messages for hundreds of mobile phone networks? The incident is just the latest supply chain attack to hit a lesser-known but nevertheless critical service provider.
Apache, a popular open-source web server software for Unix and Windows, says it has fixed a zero-day vulnerability in its HTTP server that it says has been exploited in the wild. The path traversal and file disclosure vulnerability only affects Apache HTTP servers upgraded to version 2.4.49.
More credit unions now offer their members mobile applications and banking services to meet the tremendous demand and usage - no easy task. Meanwhile, security teams have also had to rapidly evolve to an influx of cyberattacks as the instances of security breaches continue to rise rapidly.
But how do you know if...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
