Who owns application security?
In July 2018, F5 released its first annual Application Protection Report. As part of the report, F5 commissioned Ponemon to survey of 3,135 IT security practitioners across the world. The survey collected information about respondent’s application security processes. A key question asked for respondents to name their organization’s primary owner of application risk. In theory,…
Twitter adds support for login verification with USB security key
Twitter has some good news for users looking to improve the security of their account: the company has begun rolling out the “login verification with a security key” option. Twitter announced on Tuesday several new measures to fight abuse, trolls, and spam on the social network and, within that announcement, it offered advice on how…
How to Prioritize Security Vulnerabilities in SecDevOps
Software development has shifted into overdrive to keep pace with the demand for rapid releases. To meet this challenge, the industry has moved in recent years to the far more agile development and operations (DevOps) model, which has enabled companies to push out releases faster and more efficiently. However, more code means more vulnerability alerts….
Jump-Start Your Management of Known Vulnerabilities
Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications. The OWASP Foundation list brings some important questions to mind: Which vulnerability in the OWASP Foundation Top 10 has been the…
Malicious Apps Persistently Appearing on Google Play and Using Google Icons
Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported. The Google Play app store has a reputation as the safest place online to get Android apps, and Google does a good job of advising users to limit exposure to malware and other…
Uber Updates Bug Bounty Program
Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…
March’s Top Cybersecurity News Stories: Responding to Attacks, Women in Security and a New Community for Security Pros
Despite Growing Threats, Many Organizations Still Unprepared The vast majority of organizations still lack a formal cybersecurity incident response plan (CSIRP) that’s applied consistently across the organization, according to a new report from the Ponemon Institute. Paradoxically, the institute’s third annual study on cyber resilience found that organizations feel much more positive about their readiness than they did last…
Why You Should Drop Everything and Enable Two-Factor Authentication Immediately
If you haven’t done so already after seeing the title of this article, please stop reading immediately and enable two-factor authentication (2FA) on every system and service you use that allows it. The reality is that no matter how strong your password is — even that 48-character one with uppercase and lowercase letters, numbers and…
7 Ways to Prepare for a Cybersecurity Audit
Data breaches, phishing attacks, information disclosure – the Internet can be a scary place. Conducting a cybersecurity audit (or getting a third-party assessment) is a great way to understand your organization’s cybersecurity posture. But, like preparing any exam or review, getting ready for a cybersecurity audit can be intimidating. While every security assessment will be…
Apple Fixes Indian Character Crash Bug in iOS, macOS
Updates released by Apple on Monday for iOS, macOS, tvOS and watchOS patch a flaw that causes applications to crash when rendering specific strings of Indian characters. Someone noticed recently that displaying a string written in India’s Telugu language (జ్ఞా) caused many apps on iOS and macOS to crash. The list of impacted apps includes…