Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.
The guardrails organizations use to protect employee identities are often ineffective for contractors, business partners or vendors since they bring their own devices. Many businesses struggle to implement identity safeguards in a setting that's more heterogeneous and offers fewer controls.
Thoma Bravo, Vista Equity Partners and rival Francisco Partners have set their sights on a new target: Sumo Logic. Each of the three private equity firms has approached the Silicon Valley-based data analytics software vendor expressing interest in a possible acquisition, The Information reports.
Optiv has gone beyond examining log data and classic managed security services work to pursue threats across a broader swath of structured and unstructured data. The company has focused on finding threats outside of a log environment by examining system-to-system interfaces and transactional data.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.
Twitter says a massive collection of purported user data being sold and then leaked via cybercrime markets was not amassed by exploiting a vulnerability in its systems but is instead "likely a collection of data already publicly available online through different sources."
Hackers are going downstream in their attacks on healthcare sector entities and their third-party business associates because in many cases, these cybercriminals have already hit up the larger players, says Michael Hamilton, CISO of security firm Critical Insight.
Anytime critical infrastructure gets disrupted, the first question inevitably seems to be: Was a cyberattack to blame? So it went Wednesday when the Federal Aviation Administration announced a "ground stop," prohibiting all U.S. flights from taking off, due to an overnight system failure.
Hacking and third-party business associate incidents were the crux of the largest health data breaches reported to federal regulators in 2022, foreshadowing the top risks and threats that will likely plague healthcare entities and their vendors in the new year, as well.
Many of the major health data breaches being reported to regulators reflect a variety of poor practices by business associates, including retaining sensitive patient information for much longer than necessary, says Kate Borten, president of The Marblehead Group.
Hackers can strike any industry, but there has been an alarming increase in targeted and successful cyberattacks in healthcare. Now, more than ever, it's essential that your healthcare organization is prepared and has strategies in place for managing data breaches. Here are seven strategies to use.
Hundreds of U.S. counties continue to work with pen and paper after a cyberattack on their digital records management vendor last week disrupted methods to view, add and edit government records. The attack slowed the processing of birth certificates, marriage licenses and real estate transactions.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
