CVE Program Almost Unfunded

Schneier on Security

“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. Ben Edwards, principal research scientist at Bitsight, told CSO, “My reaction is sadness and disappointment.

CSO 314

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

Avaya Holdings, Check Point Software Technologies, and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication. SEC investigators gathered evidence that Unisys Corp.,

CISO 263

A Chief Security Concern for Executive Teams

Krebs on Security

KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Not that these roles are somehow more or less important than that of a CISO/CSO within the organization.

CSO 259

CSO Global Intelligence Report: The State of Cybersecurity in 2021

CSO Magazine

Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.

CSO 144

Time to check software and security settings for Windows network vulnerabilities

CSO Magazine

In honor of this event, I urge you to take the month of October to become more aware of your computer and network assets.

CSO 114

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CICD and more.

CSO 201

What is Magecart? How this hacker group steals payment card data

CSO Magazine

The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. This is known as a supply chain attack.

CSO 145