A Journey in Organizational Cyber Resilience Part 2: Business Continuity
Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic:…
How DevSecOps Can Secure Your CI/CD Pipeline
Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In order to secure it, industry…
12 database security landmines, failures, and mistakes that doom your data
In most enterprise stacks today, the database is where all our secrets wait. It’s part safe house, ready room, and staging ground for the bits that may be intensely personal or extremely valuable. Defending it against all incursions is one of the most important jobs for the database administrators, programmers, and DevOps teams that rely…
Apple Announces Delay of Child Protection Measures
The Silicon Valley giant had last month said iPhones and iPads would soon start detecting images containing child sexual abuse and reporting them as they are uploaded to its online storage in the United States. However, digital rights organizations quickly noted the tweaks to Apple’s operating systems create a potential “backdoor” into gadgets that could…
ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities
Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…
Adobe Plugs Critical Photoshop Security Flaws
The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software’s automatic updating mechanism. Adobe described the vulnerabilities as memory corruption issues with 7.8 CVSS scores. The company also shipped…
Adobe Warns of Critical Flaws in Magento, Connect
As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….
Microsoft Launches JIT-Free ‘Super Duper Secure Mode’ Edge Browser Experiment
The plan is to create a provocatively named “Super Duper Secure Mode” in Edge that deliberately disables support for the browser’s JavaScript JIT (Just-in-Time) compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test — available in Edge preview builds for select users — essentially rips out JIT, a feature that…
How to prepare your Windows network for a ransomware attack
Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them. Planning for…
Building Effective Business Cases to Cover Cybersecurity Costs
With the global average cost of a data breach totaling $3.86 million in 2020, the topic of security continues to be a major pressure point and a board-level agenda item. So why do security programs still seem to lack adequate funding, urgency and support until a breach or lawsuit occurs or auditors demand change? Verizon’s…
