Fresh from the Log4j mitigation sprint, enterprises now find themselves confronting cultural barriers between application development and security. Larry Maccherone of Contrast Security shares insight on how to tear down these walls and incentivize new behaviors.
In the first of a planned series of articles looking at strategies that have helped her and her teams over the years to not just survive a stressful environment, but thrive in it, cybersecurity executive and CyberEdBoard executive member Kerissa Varma offers this: Be a human, not a terminator.
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
"Mainframe" and "modernization" are not often used in the same sentence. But Eric Odell and Paul Allard of BMC Software share a mainframe DevOps strategy that can result in cost savings, automation efficiencies and reduced risk of mainframe defects.
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
Amid digital transformation initiatives, the application shift to the cloud has been happening at a historic pace. James Brotsos of Checkmarx and James Ferguson of AWS discuss what this shift means for securing cloud DevOps and what each of their organizations brings to their partnership.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
Security experts say the notorious REvil - aka Sodinokibi - ransomware-as-a-service operation, which went dark in July, appears to be back in business. The group's data leak site and payment portal are back online, and one expert says the group appears to have begun amassing new victims.
"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.
This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
The biggest security gaps emerge as enterprises transition from old to new ways of working. Quentyn Taylor of Canon for Europe and Chandrodaya Prasad of Cisco's Security Business Group are most concerned about the gap between NetOps and DevOps.
Bitcoin has enabled fast payments to cybercriminals pushing ransomware. How to deal with bitcoin is the subject of a spirited debate, with some arguing to restrict it. But bitcoin doesn't always favor cybercriminals, and it may actually be more of an ally than a foe by revealing webs of criminality.
Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company. It's workaday botnet data, but it highlights a hostile malware landscape, particularly for people still inclined to download pirated software.
If you're a Russian cybercrime gang feeling the heat after being sanctioned by the U.S. government, why not rebrand? So goes an apparent move by Evil Corp to disguise its WastedLocker ransomware as rival gang Babuk's PayloadBin, so any ransom payers won't think they're violating U.S. sanctions.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
