Black Duck has always recognized the importance of prioritizing open source security tasks by providing several key data points to help customers focus on what’s most critical. After all, with over 40 new software vulnerabilities being uncovered every day, it’s easy to become overwhelmed. In addition to offering detailed descriptions, expanded severity scoring, exploit information,…

At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet exploited allowed remote code execution on any computer with printer sharing enabled. To reach Iran’s centrifuges, Stuxnet exploited a…

Over the past several years, experts have come to recognize that perhaps the best password strategy for your application logins is to have no password at all, an approach often labeled “passwordless.” The label is a bit of a misnomer, as you’ll see when we investigate the commercial options. The passwordless concept has seen various innovations,…

For the past four years, ESG and the Information Systems Security Association (ISSA) collaborated on a research project focused on the experiences, opinions, and careers of cybersecurity professionals (download this year’s report). At the risk of appearing like Chicken Little, I am quite alarmed. The security industry continues to address major issues with a combination…

Society relies so heavily on technology that the number of internet-connected devices in use globally is predicted to reach 55.9 billion by 2025. Many of these devices are parts of industrial control systems (ICS) that affect the physical world, assist us in our daily lives at home, and monitor and automate everything from energy…

This year presented even more challenges for ensuring the integrity and security of open-source ecosystems. Open source has been the greatest boon to developers in that virtually anyone can use and customize it, typically at no cost, and contribute to the community. What has been a means of ensuring greater transparency, security and promoting developer…

The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and rated Hot News priority, the issue has a CVSS score of 9.0. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to…

77 percent of IT professionals believe they were prepared to manage the rapid shift to remote work during the COVID-19 outbreak, according to TeamViewer. Among those surveyed, the percentage working from home had abruptly jumped from 28 percent prior to the pandemic to 71 percent during the outbreak. The survey included more than 200 IT…