The Security Ledger

FEBRUARY 19, 2019

And, in our second segment, Sam Bisbee the CSO of the firm ThreatStack joins us to talk about last month's hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components. They risk undermining a range of voice and image based authentication technologies.

Authentication 40

Authentication CSO Artificial Intelligence Social Engineering 40

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. However, the flaw does not bypass two-factor authentication (2FA), so implementation of MFA can provide initial remediation.

Software 113

Software Authentication CSO Accountability 113

CSO Magazine

MARCH 9, 2023

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile.

Mobile 104

Mobile Software Authentication Accountability 104

The Last Watchdog

MAY 5, 2022

Enable multi-factor authentication (MFA) to access your applications and services, especially for admin access to platforms and backend systems. This resulted in users being allowed to login from devices that may have outdated operating systems, missing patches, not having endpoint security software installed, or not being up to date.

Ransomware 247

Ransomware Risk Internet Internet 247

CSO Magazine

APRIL 21, 2023

The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service. of the software. These were fixed in version 1.11.3 To read this article in full, please click here

Authentication 114

Authentication Technology Software 114

The Last Watchdog

MARCH 25, 2019

Remember when software used to come on CDs packaged in shrinked-wrapped boxes, or even before that, on floppy disks? If you bought a new printer and wanted it to work on your desktop PC, you’d have to install a software driver, stored on a floppy disk or CD, to make that digital handshake for you. Velocity without security.

Digital transformation 154

Digital transformation Software Data breaches Authentication 154

Duo's Security Blog

JULY 13, 2021

For more information about how Duo is paving the way for passwordless authentication, visit our Passwordless Authentication preview page , where you can also sign up for updates about our upcoming passwordless solution. Find out how Duo can help you transition to passwordless seamlessly and securely. BSides Is Back, Too!

CISO 83

CISO CSO Authentication Passwords 83

CSO Magazine

MARCH 14, 2023

ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets.

Software 67

Software Encryption Authentication 67

SecureWorld News

AUGUST 26, 2020

The Inspector General's report summarizes the IRS and its IT environment like this: "The reliance on legacy systems, aged hardware and software, and use of outdated programming languages poses significant risks, including increased cybersecurity threats and maintenance costs. And how many legacy systems do we have? So it helps in that.

Risk 95

Risk Cybersecurity CSO Technology 95

CSO Magazine

FEBRUARY 11, 2022

Security researchers, enterprise software maker SAP, and the U.S. Tracked as CVE-2022-22536 , the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. To read this article in full, please click here

Authentication 102

Authentication Internet Internet Software 102

CSO Magazine

MAY 4, 2022

GitHub has announced its largest-ever push toward two-factor authentication (2FA). The world’s leading development platform said it will require all code-contributing users to enroll in 2FA by the end of 2023 to enhance the security of developer accounts and bolster security within the software supply chain.

Authentication 74

Authentication Software Accountability Risk 74

CSO Magazine

MARCH 17, 2022

the latest version of its open-source threat intelligence platform, with two new features — a secret-scanning tool and runtime SBOM (software bill of materials). Secrets refer to sensitive pieces of information including encryption keys, authentication tokens, and passwords. To read this article in full, please click here

Encryption 79

Encryption Authentication Passwords Software 79

CSO Magazine

APRIL 18, 2023

Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages.

Risk 81

Risk Threat Reports Authentication Accountability 81

CSO Magazine

SEPTEMBER 5, 2022

Of all foundational elements for information security, logging requires far more care and feeding than its fellow cornerstones such as encryption, authentication or permissions. Due to typical log volume, software tools to manage log events is a must-have for businesses of any size.

Encryption 93

Encryption Authentication Information Security Software 93

CSO Magazine

DECEMBER 7, 2021

Hackers are exploiting a critical authentication bypass vulnerability in ManageEngine Desktop Central MSP, an endpoint management tool used by managed service providers (MSPs). ManageEngine is a division of business software developer Zoho that's focused on IT management software.

System Administration 100

System Administration Authentication Software 100

CSO Magazine

MAY 16, 2023

Weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages are all particularly troubling for businesses, according to a recent cloud security report from Palo Alto’s Unit 42.

Risk 86

Risk Authentication Software 86

CSO Magazine

MARCH 22, 2022

Ransomware group LAPSUS$ has claimed to have breached the internal systems of cloud-based authentication software provider Okta and has been targeting the data of its customers since January 21, 2022.

Ransomware 81

Ransomware Engineering Authentication Software 81

CSO Magazine

OCTOBER 11, 2022

Security researchers have found a way to extract a global encryption key that was hardcoded in the CPUs of several Siemens programmable logic controller (PLC) product lines, allowing them to compromise their secure communications and authentication.

Encryption 80

Encryption Firmware Engineering Authentication 80

SecureWorld News

APRIL 22, 2021

We will be releasing a software update in early May. Successful exploitation of these vulnerabilities could allow an attacker to place webshells on the appliance to gain persistent system access into the appliance operating the vulnerable software. Visit Security Advisory SA44784 (CVE-2021-22893) for more information.".

Government 59

Government CSO Software VPN 59

Thales Cloud Protection & Licensing

MARCH 15, 2022

They draw upon Software Defined Networks (SDNs), Next Generation Firewalls (NGFWs), intelligent switches, and other technologies to enforce those access policies. A combination: The third and final ZTA methodology blends both Access Management in the cloud and Software Access Service Edge (SASE). Bush administration, to CSO.

Architecture 71

Architecture Government CSO Technology 71

CSO Magazine

APRIL 1, 2022

The cybercriminal gang is believed to be behind several recent high-profile cyberattacks including the data breach of internal systems of cloud-based authentication software provider Okta. Two teenagers from the UK have been charged by police over hacking offenses in relation to an international investigation into the LAPSUS$ group.

Hacking 93

Hacking Data breaches Authentication Software 93

eSecurity Planet

OCTOBER 18, 2021

Machine identities now outnumber humans in enterprises, according to Nathanael Coffing, co-founder and CSO of Cloudentity. That uncertainty lets software vulnerabilities and the cybercriminals that exploit them go undetected as they compromise organizations’ information. Also read: Top Vulnerability Management Tools for 2021.

IoT 120

IoT Risk Architecture CSO 120

CSO Magazine

OCTOBER 5, 2022

This is particularly prevalent in the marketing of multi-factor authentication (MFA) platforms and endpoint protection (EPP)/endpoint detection and response (EDR) point solutions, but it’s by no means limited to them. Zero trust is an approach, an architecture, and a journey, not software, hardware, or a service to deploy.

Marketing 68

Marketing Architecture Authentication Internet 68

Security Through Education

OCTOBER 27, 2021

Ensure software and security settings are up to date. Update your software. Typically, corporate networks are equipped with firewalls, a Chief Security Officer (CSO), and a whole cybersecurity department to keep them safe. Don’t make passwords easy to guess. Keep devices with you at all times or stored in a secure location.

Cybersecurity 137

Cybersecurity Social Engineering Firewall Engineering 137

CSO Magazine

FEBRUARY 15, 2023

Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now.

Authentication 112

Authentication B2C B2B Software 112

CSO Magazine

FEBRUARY 1, 2021

Will you only be implementing a software-defined perimeter? It may involve a more agent-based approach and/or collectively group resources together with authentication and policy being governed at a gateway. At a high level, the roadmap should cover the following: Develop a strategy – What are the overall goals of the business?

Architecture 96

Architecture B2B Government Risk 96

The Last Watchdog

JULY 8, 2021

Like SolarWinds and Colonial Pipeline, Miami-based software vendor, Kaseya, was a thriving entity humming right along, striving like everyone else to leverage digital agility — while also dodging cybersecurity pitfalls. Dom Glavach, CSO and chief strategist, CyberSN. Conditioning employees to be aware of this threat is key.

Ransomware 257

Ransomware Hacking Software Architecture 257

SC Magazine

MARCH 10, 2021

At the very least, there should have been some form of multi-factor authentication or password vault to protect the [server] account. There is no reason why this functionality should exist for general users of the product, especially without some sort of heightened credentials or multi-factor authentication.

Surveillance 129

Surveillance IoT Accountability Passwords 129

eSecurity Planet

DECEMBER 3, 2021

Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Eugene Kaspersky | @e_kaspersky.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

CyberSecurity Insiders

NOVEMBER 1, 2021

Examples of this include keeping software up to date, backing up data, and maintaining good password practices. Cyber attacks nowadays do not often come from ingenious ‘hackers’ in dark rooms, they’re often the result of an employee reusing the same password, or businesses not implementing basic practices such as multi-factor authentication.

Cybersecurity 52

Cybersecurity Backups Ransomware Passwords 52

CyberSecurity Insiders

NOVEMBER 12, 2021

In simple words, Zero Trust is a kind of security framework where all users- inside or outside the network are granted an authenticated & authorized access with validated security credentials to those having access to applications or data.

Data breaches 133

Data breaches Architecture CSO Cyber threats 133