Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
Achieving Velocity Requires a Modernized Approach to Application Security
Digital transformation initiatives are forcing development teams to make tough decisions between meeting time-to-market needs and mitigating risk. Exacerbating the issue is that developers often lack the knowledge to mitigate the risks...
The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.
Merger and acquisition activity picked up in September with BitSight, Tenable and Mastercard, all making deals. Moody's became BitSight's largest shareholder after making a $250 million investment in the company.
Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists. But a few changes to iMessage could make it safer overall for individuals at high risk of surveillance, says an Apple security expert.
A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change. Currently, the position of CISA director lacks a set term.
The speed of your modern application deployment shouldn’t mean compromising on security. Discover how you can balance fluid business operations and security and compliance using a lightweight application security solution built for modern app environments.
Achieve DevSecOps today : Like the ‘build once, run...
Traditional application development saw security teams apply their policies and carry out checks at the end of the process. With microservices running in containers, communicating via APIs and deployed via automated CI/CD pipelines, it is impossible for traditional approaches to security to cope with the pace of...
The U.S. Department of Commerce this week announced the establishment of an artificial intelligence advisory committee set to counsel President Joe Biden and other federal agencies on issues ranging from privacy concerns to data security, along with global competition and inherent biases.
Nine months after discover of the attack that targeted SolarWinds and clients of its network monitoring tool, the incident continues to spur investigations into what happened. The SEC is reportedly probing those businesses involved, and lawmakers want answers about the breach of DOJ emails.
The possibility of a terrorist group launching a massive Sept. 11, 2001-scale cyberattack against the U.S. or an ally has been a concern for years, but cybersecurity pros with a background in intelligence and military affairs say such worries are likely unwarranted.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.
In a manufacturing setting where most employees are not IT savvy, building cybersecurity awareness is essential, says Mansi Thapar, global CISO and DPO, at Jaquar Group, an India-based manufacturer.
Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.
