The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
An evolving workplace, greater reliance on IoT and the cloud, and already we have seen the new face of supply chain attacks. This is the backdrop for 2021, and Imperva's Brian Anderson offers insights into the cyber-attack outlook.
The working life of a software security professional is many things: challenging, exciting, unpredictable... but rarely is it easy. And in most organizations, they can be siloed, working separately from operations teams and the developers tasked with creating new applications. It can make for a rather chilly reception...
Learn how National Australia Bank, one of the top four financial institutions in Australia, set about ensuring that all their developers could upskill and thrive in an optimum environment, learning and retaining vital secure coding techniques.
NAB sought to make shifting left a priority, ensuring that everyone was...
Government leaders are increasingly calling on cybersecurity researchers to better inform policymakers and are urging businesses to pay more attention to their in-house security teams, according to presenters at this week's Black Hat Europe virtual conference.
A hacking group behind an Android spyware variant has recently added fresh capabilities that include the ability to snoop on private chats on Skype, Instagram and WhatsApp, according to ReversingLabs. This APT group, believed to be tied to Iran, has recently been sanctioned by the U.S. Treasury Department.
This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
DDoS, bad bots and automated attacks - these are the common strikes against organizations that support ecommerce. How can they fend off these attacks without impacting normal human traffic? Edward Roberts of Imperva shares strategies and solutions.
Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.
IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
With digital transformation come new applications and efficiencies in the cloud. But governance, visibility and access challenges also emerge. Ron Bennetan of Imperva shares strategies for improving data governance and security in the cloud.
Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.
To be the first to bring a ground-breaking treatment or vaccine to market, pharmaceutical organizations need employees to stay productive no matter where they are or what device they're using. But this greater connectivity is exposing your critically important intellectual property (IP) to countless mobile risks. It's...
To be the first to bring a ground-breaking treatment or vaccine to market, pharmaceutical organisations need employees to stay productive no matter where they are or what device they're using. But this greater connectivity is exposing your critically important intellectual property (IP) to countless mobile...