Security practitioners around the world are struggling to cope with the challenges posed by remote workers heavily relying on virtual private networks during the COVID-19 pandemic. Here's a look at steps to take to help enhance security.
Checkmarx, an Israeli security company that has made its mark in DevOps and application security testing, soon will have a new owner. Private equity firm Insight Partners is selling the company to another private equity firm, Hellman & Friedman, in a $1.15 billion deal.
Microsoft has released an "out of band" security update to fix a flaw in SMBv3 that was accidentally disclosed publicly before a full fix had been prepared. Security experts warn that the flaw could be exploited to crash vulnerable systems and potentially execute arbitrary code.
RSA 2020 touched on a number of topics, including the security of elections and supply chains, plus AI, zero trust and frameworks, among many others. But from sessions on cryptography, to this year's lower attendance, to the antibacterial dispensers dotted around venues, concerns over COVID-19 also dominated.
Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
Walgreens' mobile app inadvertently disclosed personal messages to other customers due to an internal application error, revealing some health-related information. The company did not say how many people were affected.
Implementing the concept of "privacy design" requires a series of critical steps, says Heikki Tolvanen, chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm, who offers insights on mistakes to avoid.
The U.S. Cybersecurity Infrastructure and Security Agency has released its cybersecurity plan for the run-up to the 2020 presidential election, outlining the agency's role as a facilitator that will assist federal, state and local agencies in protecting critical election infrastructure.
MIT security researchers have published a paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 midterm elections. But the maker of the app contends the research is flawed.
The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.
Israel's voter registration database - comprising close to 6.5 million people - was exposed to the internet because of an elementary coding flaw in an election application. It's unclear how long the exposure lasted or if bad actors accessed the data.