The first annual Index of Cyber Security finds that senior security officers are more concerned than at this time last year about the risk of cyber attack and other online risks, with concerns about ideologically-motivated hacktivists and the threats posed by business partners and other “counter parties” topping the list.
Browsing Category: Compliance
The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors.
Search giant Google is in negotiations with the U.S. Federal Trade Commission (FTC) over the size of a fine it will pay. This, after the company was found in breach of privacy controls in Apple’s Safari browser earlier this year.
This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, VeracodeAs we have examined in this series, the information security practice called Application Security (or “AppSec”) seeks to protect all of the software that runs a business. It has three distinct objectives:1) Measurable reduction of risk from existing applications2) Prevention of introduction of new risks3) Ensuring compliance with regulatory mandates
An Iranian man who revealed a vulnerability in a widely used point of sale (POS) system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service.
A new bill introduced to the U.S. House of Representatives would make it illegal for employers and other institutions to require Social Media passwords from their employees.
This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal GlynnThis series began with a general definition of Application Security (“AppSec”) as a fundamental infosec practice that addresses the reduction of both immediate and systemic software risk. When undertaken correctly, AppSec takes a systematic, programmatic approach to hardening business-critical software, from the inside. That’s not to say that organizations must over-invest in an advanced program from the start to be effective – in fact, quite the opposite.
UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations.
Data from the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) shows that 3.2 million residents – almost half the population of the state- have been the victim of a data breach in the last four years.