The retail industry’s cybersecurity preparedness continues to lag behind almost every other sector despite efforts by the major credit card associations to bolster retail security via the Payment Card Industry Data Security Standard (PCI DSS). Third-party risk management firm SecurityScorecard recently analyzed a total of 1,444 domains in the retail industry with an IP footprint…

The twin developments come as Facebook is under intense scrutiny over privacy following the Cambridge Analytica scandal earlier this year. Allegations that the political consultancy used personal information harvested from 87 million Facebook accounts have dented Facebook’s reputation. Since the scandal broke, Facebook has investigated thousands of apps and suspended more than 400 of them…

In July 2018, F5 released its first annual Application Protection Report. As part of the report, F5 commissioned Ponemon to survey 3,135 IT security practitioners across the world. The survey collected information about respondents’ application security processes. A key question asked respondents to name their organization’s primary owner of application risk. In theory,…

Software development has shifted into overdrive to keep pace with the demand for rapid releases. To meet this challenge, the industry has moved in recent years to the far more agile development and operations (DevOps) model, which has enabled companies to push out releases faster and more efficiently. However, more code means more vulnerability alerts….

Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…

Google researcher Tavis Ormandy discovered several critical vulnerabilities in the classic and web-based versions of BitTorrent’s uTorrent application. Patches have been released, but it appears that not all flaws have been fixed properly. Ormandy found that the uTorrent Classic and the uTorrent Web apps create an HTTP RPC server on ports 10000 and 19575, respectively….