Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
The Food and Drug Administration has issued an alert warning healthcare organizations about 11 vulnerabilities dubbed "URGENT/11" involving IPnet, a third-party software component that may introduce risks for certain medical devices and hospital networks.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer. But using "privacy by design" principles during software development can help avoid trouble, he says.
Seven healthcare and health IT industry groups are asking Congress to apply the brakes in issuing a final rule on interoperability, information blocking and health information exchange as required under the 21st Century Cures Act, citing concerns about privacy and other issues.
Facebook says it has suspended tens of thousands of apps as part of its ongoing investigation into data misuse that grew out of the Cambridge Analytica scandal. The company won't disclose the affected apps, but an unsealed court filing says it has suspended 69,000.
Deception technology has emerged as a hot practice - but not one that is necessarily on every enterprise's budgeting radar. Don Gray, CTO of PacketViper, talks about the emergence of deception technology and how security leaders can make the case - and find the budget - for its usage.
A widely used brand of GPS location-tracking devices - for keeping tabs on children, elderly relatives and pets - have security flaws that could allow anyone with an internet connection to track the devices' real-time location and historical movements, warns security firm Avast.
How do organizations know if their app and network security is sufficient to protect them from data breaches - or if their defenses are even working? Paul Dant of Arxan talks about the evolution of mobile/web app security.
Researchers at Kaspersky discovered malware hiding in advertising within a recent version of the popular CamScanner app for Android smartphones. Over the years, the app has been downloaded over 100 million times from the Google Play store.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
Hunterdon Healthcare in New Jersey is shifting applications to cloud providers in order to tap into security capabilities and innovation that doesn't run as deep in the integrated healthcare delivery system's own technology team, says Jason Tahaney, the organization's director of IT.