Despite the pandemic, boards are increasing investment in security, and organizations expect their security budgets to expand over the next year. Of the 900 global chief information security officers and information technology decision-makers tapped for Thycotic’s CISO Decisions survey, 77 percent said their boards have okayed investment in new security projects. The sentiment is driven…
Because it was prepared, Cyber Command was able to essentially “move from a centralized SOC to a managed, distributed environment,” said Quiessence Phillips, deputy CISO of the NYC Cyber Command.
The very anti-malware solutions meant to protect organizations for things like increasing privilege can be exploited to do just that. The solutions “may unintentionally assist malware in gaining more privileges on the system,” according to a CyberArk blog post penned by Eron Shimony. “The vast number of affected machines is troublesome; probably every Windows machine…
Bugcrowd CEO Ashish Gupta spoke with SC Media about his company’s support for Zoom’s bug bounty program and the strides he believes the teleconferencing platform has made to protect data and privacy.
A recent rash of cyberattacks against web commerce sites relying on Adobe’s Magento 1 platform underscores the criticality of having a strategy in place for securing technology no longer supported by the vendor.
Twitter warned developers that a bug could have exposed their API keys and access tokens in their browser’s cache. The social media platform told developers it doesn’t believe the apps and tokens have been compromised and that the problem had been fixed. “Prior to the fix, if you used a public or shared computer to…
Leaders from both the private and public sectors united to oppose a brief filed with the Supreme Court that they say could peg independent security researchers as threats –
and criminals.
An automated campaign Magecart campaign against 2,000 Magento stores over the weekend compromised the private information of thousands of customers and may very well be the largest attack of its kind since 2015. The hacks were typical Magecart attacks, but since many of the stores victimized had no prior history of security incidents, “this suggests…
Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…
A duo of vulnerabilities discovered in the MAGMI Magento plugin could result in remote code execution (RCE) on vulnerable sites using Magento. The flaws in the Magento database client used for raw bulk operations on online store models were found by researcher Enguerran Gillier, a member of the Tenable Web Application Security Team, according to…
