“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. Ben Edwards, principal research scientist at Bitsight, told CSO, “My reaction is sadness and disappointment.”
Avaya Holdings, Check Point Software Technologies, and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication. SEC investigators gathered evidence that Unisys Corp.,
KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Not that these roles are somehow more or less important than that of a CISO/CSO within the organization.
Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.
In honor of this event, I urge you to take the month of October to become more aware of your computer and network assets.
Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CI/CD and more.
The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. This is known as a supply chain attack.
That’s the fundamental notion behind SIEM (security information and event management) software, which is essential to the security defenses of most large and many medium enterprises.
Unsanctioned software and applications running on corporate mobile devices are a security nightmare.
Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cybersecurity to the top of the government's agenda.
Intel has partnered with Microsoft as part of a US Defense Advanced Research Projects Agency (DARPA) program that aims to develop hardware and software to drastically improve the performance of fully homomorphic encryption (FHE) computation.
Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before.
Software composition analysis definition: software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how—all in an automated fashion.
Piled on top of that is a growing wave of ransomware and software supply chain attacks.
Software security and reliability have been compared and contrasted for several years, with the primary point being that both have the goal of protecting customers and consumers. When carried out appropriately, this maximizes stakeholder value.
Magic WAN allows organizations to connect their branch offices, data centers, cloud assets, and remote workers to its global network and use it as their own software-defined WAN.
As with any business software decision, the password manager discussion starts with requirements, specifically regarding features.
Intrusions where hackers compromise the infrastructure of software developers and Trojanize their legitimate updates are hard to detect by users of the impacted software products, as highlighted by multiple incidents over the past several years.
As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams. Modern software today is modular.
CISOs have an array of ever-improving tools to help spot and stop malicious activity: network monitoring tools, virus scanners, software composition analysis (SCA) tools, digital forensics and incident response (DFIR) solutions, and more.
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com,” GitHub CSO and SVP.
The incident prompted warnings from CISA and other national CERTs and led to renewed discussion about security and the open-source software ecosystem and how developers consume and track their use of open-source components.
The two bad practices are: use of unsupported (or end-of-life) software, and use of known/fixed/default passwords and credentials. They are so broad in their “badness,” however, that any organization should take notice and ensure they are not doing them.
Software supply chain incidents have been making headlines recently. Despite similarities among these security incidents, not all supply chain attacks are created equal.
Embedded devices, especially those designed for industrial automation that have long shelf lives, are known to use a mixture of in-house and third-party code that was created at a time when software vulnerabilities were not as well understood as today.
Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs.
The incident didn't have a widespread impact like the recent SolarWinds compromise or other supply chain attacks where backdoors made it into stable releases of software products and were pushed out to regular users.
Securing the software supply chain continues to be one of the most discussed topics currently among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance this week following the compromise of the SolarWinds software that affected thousands of entities across the United States and beyond.
Over the past year, there have been several high-profile incidents in which attackers have attempted to compromise enterprises through the software supply chain. “It’s anything and everything that goes into your software, like code, binaries, and other components, and where they come from, like a repository or a package manager.”
This same group was behind the SolarWinds supply chain compromise last year that resulted in corporate networks being compromised through Trojanized software updates.
Hoping to foster improved security of open-source software, the White House hosted a meeting last week with some of the largest public and private users and maintainers of open-source software.
Studies show that CSO readers are most likely to know that endpoint protection is the modern iteration of the antivirus tools of previous generations. Threat vectors for end-user devices include browser-based attacks, phishing attempts, malicious software, or spyware.
Whether you are a sysadmin, a threat intel analyst, a malware researcher, forensics expert, or even a software developer looking to build secure software, these 15 free tools from GitHub or GitLab can easily fit into your day-to-day work activities and provide added advantages. ELF Parser.
The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle.
Open-source security has been high on the agenda this year, with a number of initiatives, projects, and guidance launched in 2022 to help improve the cyber resiliency of open-source code, software and development. Wheeler, director of open-source supply chain security at the Linux Foundation, tells CSO.
That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.
Notable incidents such as SolarWinds and Log4j have placed a focus on software supply chain security. They have also sent security teams in search of tools to ensure the integrity of software from third parties. Software use is ubiquitous, with digital platforms now accounting for 60% of GDP per the World Economic Forum (WEF).
The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits.
From the CISO perspective, a recent industry report from Coalfire on Software Supply Chain Risk hit the nail on the head: “Managing risk within software supply chains and product development lifecycles has become as important as protecting traditional, physical inventories and equipment supply lines.”
A lack of cohesion between software development teams and cybersecurity functions compounds the software supply chain risks faced by organizations, making it all the more urgent for cybersecurity leaders and their teams to better engage with and educate developers.
Endpoint and secure access solutions vendor Absolute Software has released a new offering to enable customers to prepare and accelerate their endpoint recovery in the face of ransomware attacks.
The Linux Foundation and the Open Source Security Foundation (OpenSSF) have introduced the Open Source Software Security Mobilization Plan. This is in response to attacks on the software supply chain and an uptick in interest in securing them.
Endor Labs came out of stealth mode on Monday, launching its Dependency Lifecycle Management Platform, designed to ensure end-to-end security for open source software (OSS).