Although SolarWinds has released a second round of patches for flaws in its Orion network monitoring platform that was targeted in a supply chain attack, some security experts say organizations need to go far beyond patching to manage the risks involved.
Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones.
2020 has ushered in rapid change in everything we do, from banking and grocery shopping, to working and learning from home. New technologies such as cloud and microservices as well as practices such as DevOps help organizations adapt to these changes. But these new technologies introduce their own challenges,...
An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.
Dr. Chenxi Wang, industry thought leader and analyst, examined the Return on Investment that organizations may realize by using Cobalt’s Pen Testing as a Service (PTaaS) platform. This study took a detailed look at the benefits and costs of deploying Cobalt’s services in comparison with using traditional...
There has been a spike in web shells being detected as ransomware gangs and other attackers increasingly target vulnerable on-premises Microsoft Exchange servers following publication of proof-of-concept attack code for ProxyLogon, which is one of four zero-day flaws patched by Microsoft in early March.
A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with criminal hacking by a U.S. federal grand jury and accused of illegally accessing and leaking data from numerous organizations, apparently including Intel, Nissan and the U.S. National Reconnaissance Office.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
To accelerate innovation and protect digital and cloud investments, organizations need to prioritize modern infrastructure monitoring and application performance monitoring (APM) solutions that are built in and for the cloud. spWith the right APM solution, organizations can resolve issues faster, increase productivity...
The latest edition of the ISMG Security Report features cybercrime deterrence lessons learned from the disruption of the Emotet botnet operation. Also featured: An update on attacks tied to Microsoft Exchange flaw exploits; a discussion of the need to update business continuity plans.
Traditionally, software development training falls short on security. And as enterprises embrace the “shift left” movement, that gap puts them at risk. Veracode’s Dave Ferguson discusses the gap and how Veracode’s new Security Labs was developed to fill it.
It’s time to build security in from the start of the SDLC to better manage,
measure, and address risk, empower development teams, and
guarantee secure software delivery at the speed of DevOps.
While financial service organizations are under constant attack from adversaries, there
are specific steps they can...
With millions of sports fans to cater to, DAZN
has secure applications high on its agenda. Security comes from the top (their
c-suite) and rolls down to their software developers who understand the value of
a secure application. Application Security Testing (AST) solutions are imperative to
DAZN, so they deliver...
Public sector organisations worldwide face a
daunting set of challenges as society adjusts to
the current COVID-19 environment. Whether it is
local government, healthcare, law enforcement,
or blue light responders, organisations across all
disciplines that previously depended on in-person
processes have been...
Just days after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, some security experts say. The flaws could be exploited for creating backdoors for email accounts or installing ransomware and cryptominers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.
