Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
Early experiments are demonstrating how blockchain, the distributed and immutable ledger behind virtual currencies, potentially could play an important role in identity management, says Avivah Litan, a Gartner Research analyst.
Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.
Facebook has taken several moves aimed at minimizing misuse of social media during the 2019 elections in India. But are the actions merely a marketing maneuver, or could they have a real impact?
The Gandcrab ransomware has been a moving target. Since it was discovered in January, it quickly became one of the most widely distributed file-encrypting malware programs. Researchers with Cisco say they've now found it seeded within legitimate websites, making its spread tougher to stop.
Security alert: Microsoft has issued updates to fix 67 unique flaws in its products. One vulnerability in Windows VBScript engine is already being actively exploited in the wild via malicious Word documents and could also be employed for attacks via websites and malvertising, Microsoft warns.
Incident response plans must be carefully designed to meet the needs of a specific organization, says attorney Ron Raether, who outlines important legal considerations.
This monthly Security Agenda will highlight some of the most recent additions to our course library. This month's edition features Federal Reserve's Jim Cunha on the future of secure payments. Another influencer, Amazon Web Services' Keith Carlson discusses future proofing against fraud. This edition also highlights...
Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.
The security industry is heavily reliant on old models that are breaking down, and trying to contort old tools to meet the needs of the new hybrid environment is difficult, says Leo Taddeo of Cyxtera.
Why do organizations need to take a top-down, risk-based approach to security? Sheetal Mehta of Wipro offers insights on optimizing security investments.
Security leaders need to align business goals and risks to be able to gain buy-in for security initiatives, which is the only way to achieve a cultural change in the organization, says Sameer Ratolikar, CISO of India's HDFC Bank.
What's it like to be the CISO of a security company? Mike Convertino of F5 Networks says if a CISO uses the company's products, he or she can provide valuable feedback for product development.
Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?
