Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
DevOps and the addition of the "Sec" or security element to it has led to significant progress in moving security up in the application development chain, says Gartner's Dale Gardner
T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.
Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.
Check Point says it has found three ways to falsify messages in WhatsApp, which it claims could be employed by scammers and used to spread fake news. WhatsApp acknowledges the findings, but it will not engineer patches.
Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.
Application control remains one of the best techniques for blocking the vast majority of malware threats; however, implementation often falters due to poor planning.
Every application should be protected the same way no matter where it resides, rather than focusing on a "perimeter" approach, says Doug Copley of Duo Security, who describes a "zero trust" approach.
Federal regulators are reminding organizations about the importance of identifying and patching software vulnerabilities. But why are these seemingly basic security steps so challenging for so many?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
