The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.
Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S. in 2015 for criminal hacking on behalf of private investigators.
With internet connectivity getting added to an increasing number of products, privacy and security risks abound. But buyers may be unaware. A team of Carnegie Mellon University researchers aims to change that, by clear labeling of connected devices and the risks they may pose.
For an upcoming virtual roundtable, Alex Laurie of ForgeRock discusses the importance of digital identity management, the need for organizations to quickly and accurately register people, comply with privacy regulations and define and manage the level of risk involved.
Beyond mere information sharing, collective defense is a concept that aligns public and private sectors in a unified front against cyber threats. Bill Swearingen of IronNet Cybersecurity defines the concept and how it's being employed today.
Educational institutions and healthcare entities both have been favorite targets of hackers during the coronavirus pandemic - but academic healthcare systems involved with COVID-19 research appear to be in the bullseye. Among the latest institutions reportedly hit is the University of California San Francisco.
The volume and sophistication of security attacks increase at a rate that makes it tough for SOCs to have people, processes and technologies in their right places. So what would the ideal SOC look like? Bruce Hembree of Palo Alto Networks discusses the way forward.
Ransomware gangs keep innovating: Maze has begun leaking data on behalf of both Lockbit and RagnarLocker, while REvil has started auctioning data - from victims who don't meet its ransom demands - to the highest bidder. Thankfully, security experts continue to release free decryptors for some strains.
A robust customer identity and access management strategy is critical to digital success for today's financial institutions. Eugenio Pace of Auth0 and Paul Bedi of IDMWORKS discuss CIAM in the age of the remote worker.
Too many enterprises remain chained to outdated and vulnerable identity and access management technologies - legacy systems that rely on passwords, eat budgets and kill productivity. Baber Amin of Ping Identity and Cody Cook of ProofID preview a new virtual roundtable on Modern IAM.
A sophisticated strain of ransomware called Tycoon has been selectively targeting education and software companies since December 2019, according to a joint report released by BlackBerry and KPMG. Due to its unique development, this crypto-locking malware can target both Windows and Linux systems.
Separate state-sponsored phishing attacks unsuccessfully attempted to infiltrate the campaign offices of President Donald Trump and former Vice President Joe Biden, according to Google. The incidents illustrate ongoing election security challenges.
Bobby Ford, CISO of Unilever, a multinational consumer goods firm, says the shift to a work-from-home environment requires an intensified focus on email security as well as identity and access management.
The latest edition of the ISMG Security Report sizes up progress made so far on identity management and the work yet to be done. Also featured: how security concerns are holding back IoT projects and the privacy issues raised by recording videoconferences.