A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.
To achieve better network visibility, security practitioners must improve their knowledge of tools that support web services, containers and the evolution of development practices, says Ed Moyle, co-founder of the cybersecurity advisory firm Security Curve.
A sophisticated cyber-espionage campaign using spyware called Mandrake has been targeting Android users for at least four years, according to security firm Bitdefender. The malware has the ability steal a range of data, including SMS authentication messages from banks.
Australia's Parliament passed a new law on Thursday to deal with a range of legal and privacy concerns arising from its quickly developed contact-tracing app, COVIDSafe. Misusing data and other offenses could garner a five-year prison sentence.
DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
Microsoft addressed vulnerabilities in a dozen of its software products in its Patch Tuesday update for May. And while none of the flaws are currently being exploited, several of the most critical flaws require immediate attention, the company says.
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?
Google and Apple on Monday released privacy and security guidelines for their jointly developed contact-tracing infrastructure. The companies note that apps developed using their APIs can only be developed by or for public health authorities - and solely to collect information to trace COVID-19 infections.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
As Google and Apple prepare to offer a jointly developed infrastructure for contact-tracing smartphone apps to help fight the COVID-19 pandemic, the Electronic Frontier Foundation, a privacy advocacy group, is raising concerns about the risks involved.
Over the past five years, a sophisticated spyware campaign has been targeting Android users through Trojan-laced apps in the Google Play store that are disguised as various plugins, browser cleaners and application updaters, according to Kaspersky researchers.
Less than 24 hours after the Australian government released its COVID-19 contact-tracing app Sunday, nearly 2 million people had downloaded it. As security and privacy experts review the app, one outstanding question is if the public will trust it enough to reach the public health target of 10 million users.
The root cause of many successful cyberattacks lies primarily in
vulnerable software itself. The real question that needs to be asked
is, "Can the industry do a better job of writing more-secure code,
making software applications nearly impenetrable to cyberattacks?"
What's making your software essential to your...
In today's competitive world, time to market is imperative.
Organizations are under increasing pressure to continuously deliver new and improved software. To win the race, nothing can get in the way of rapid software releases. This requirement has often led organizations to leave security behind, making them an...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.