June 2020 Patch Tuesday forecast: Steady as she goes
It’s hard to believe we’re almost halfway through our 2020 Patch Tuesdays already. Working from home has a strange effect on time – each day seems very long, but the weeks are …
Attackers tried to grab WordPress configuration files from over a million sites
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab …
New infosec products of the week: June 5, 2020
Checkmarx SCA: New SaaS-based software composition analysis solution CxSCA leverages Checkmarx’s source code analysis and automation capabilities, empowering security and …
Despite investing in DevOps tools and practices, teams still encounter customer-impacting errors
An overwhelming majority of organizations prioritize software quality over speed, yet still experience customer-impacting issues regularly, according to OverOps. The report, …
Understanding cyber threats to APIs
This is the fourth of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …
Digital transformation drives middle market resiliency
Digital transformation has tipped from buzzword to baseline in the middle market, and not a moment too soon. As the COVID-19 pandemic threatens the health of people and …
Enterprise mobile phishing increased by 37% in Q1 2020
There was a 37 percent increase worldwide in enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout. …
Cisco plugs bucketful of security holes in industrial routers, switches
Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company’s carrier-grade and industrial …
Zoom to offer end-to-end encryption only to paying customers
As Zoom continues on its path to bring end-to-end encryption (E2EE) to users, the big news is that only paid users will have access to the option. “Free users for sure we …
Office 365 users: Beware of fake company emails delivering a new VPN configuration
Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into …
Cooking up secure code: A foolproof recipe for open source
The use of open source code in modern software has become nearly ubiquitous. It makes perfect sense: facing ever-increasing pressures to accelerate the rate at which new …
Researchers develop IoT security and privacy label
When hungry consumers want to know how many calories are in a bag of chips, they can check the nutrition label on the bag. When those same consumers want to check the security …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade