The big takeaway from the Kaseya supply chain/ransomware cyberattack
While the Kaseya, SolarWinds and other cyberattacks and global disruptors may appear dissimilar, having wildly varying causes and impacts, there is strategic value in considering them – and the supply chains they spread across – as a collective. Together, they represent a rapid learning opportunity for both adversaries and defenders – an open-source global weapons development program.
The beginning of a beautiful friendship: How the insurance industry can partner with IT to create true digital transformation
IT executives and senior leaders are key drivers of success. For an organization to quickly realize a tech vision and reap the benefits of digitization, leaders must have cutting-edge technical knowledge, a shared vision for change and, most critically, a people-focused approach that empowers the organization now and in the future.
New bugs could let attackers hijack Zimbra server
SonarSource cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra – email collaboration software used by global enterprises – that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
Ross Hosman joins Drata as CISO
Ross Hosman is taking over at Drata as Chief Information Security Officer (CISO) and will lead and grow the company’s security program.
API attack traffic has grown at triple the rate of overall API traffic
Salt Security released the Salt Labs State of API Security Report, Q3 2021, revealing significant challenges in addressing API security, with all customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
Apple patches zero-day vulnerability in iOS, iPadOS and macOS
Apple has released security updates to address zero-day vulnerability exploited in the wild, impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher, BleepingComputer reports.
Google launches bug hunters community
To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.
5 minutes with Tim Danks – Global collaboration in cyber risk management is needed
Tim Danks, Huawei VP of Risk Management, discusses his thoughts on cybersecurity and the great need for global collaboration to build cyber risk management standards across the world.
Cloud incident response demands cloud native capabilities
In today’s business environment security is a fundamentally functional and non-functional requirement and cannot be an afterthought where issues are chased after systems are operational. That’s why it’s vital that best practices be implemented by companies from the onset of any cloud migration strategy: backed by a robust and real-time capability to plan, investigate, and respond to all security
Data privacy in the era of COVID-19 vaccine rollouts
Organizations are also navigating an increasingly complex regulatory landscape where failure to comply can and has led to costly fines, a damaged corporate reputation, and lost business opportunities. Data has truly proven to be an invaluable asset, but also an unbounded risk if not properly managed.
Majority of employees take cybersecurity shortcuts, despite knowing risks
Workers are engaging in risky behaviors which could put their company’s digital security at risk, despite knowing the dangers, a global survey of more than 8,000 employees has revealed.
66% of applications in the utilities sector have at least one exploitable security vulnerability per year
NTT Application Security released its six-month trend findings in its AppSec Stats Flash Vol. 7, reporting on the current state of application security and the wider threat landscape, including Window of Exposure (WoE), Vulnerability by Class, and Time to Fix.
New benchmark offers detailed comparison data for security programs
The Security Leadership Research Institute (SLRI) has released the results of its 2021 Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark.
More than one in three organizations say that they are experiencing more cyberattacks
Ransomware attacks have been increasingly in the headlines—and reaching historic levels of impact with the recent Colonial Pipeline and Kaseya attacks. Findings from the State of Cybersecurity 2021, Part 2 survey report from ISACA in partnership with HCL Technologies show that 35% of respondents report that their enterprises are experiencing more cyberattacks, three percentage points higher than l