The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The way many organizations have handled digital onboarding is fraught with risk - including fraud. But Husayn Kassai, CEO of Onfido, envisions a new future that includes a healthy amount of friction and greater security.
Traditionally, enterprises have built networks and then added security elements. But in what he describes as "the third generation of security," Fortinet's John Maddison promotes a model of security-driven networking. Hear how this can improve an organization's security posture.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
Typically, organizations see automated or manual attacks - one type or the other. But increasingly cyberattackers are striking with blended attacks, and the growth and impact of these strikes is concerning. Dan Schiappa of Sophos discusses how to improve detection and defense.
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis.
The good news is: The development of new malware exploits has slowed considerably. The bad news is: That's because the old ones still continue to work so effectively. Adam Kujawa of Malwarebytes Labs talks about the evolution of ransomware and other successful exploits.
Access risk: Security leaders understand their governance and technology challenges. But addressing them with new automated tools - and selling these new processes within their organizations? Those are the problems attendees attempted to solve at a recent dinner in Philadelphia.
The latest edition of the ISMG Security Report describes how a Facebook Marketplace glitch created serious privacy issues. Plus: An update on the activities of the FBI's Recovery Asset Team and HSBC whistleblower Everett Stern's preview of keynote address at upcoming ISMG Fraud and Breach Summit in Chicago.
Everett Stern, the whistleblower who called attention to HSBC's international money laundering activities, which ultimately resulted in a $1.9 billion fine, says the crackdown on financial fraud still has a long way to go. He'll be the keynoter at ISMG's Fraud and Breach Summit in Chicago on May 14.
The advent of faster payments has helped accelerate authorized push payment fraud schemes in which victims are defrauded under false pretenses. Banking regulators are responding to the trend, and Rob Tharle of NICE Actimize offers advice for multilayered defense.
Mitigating medical device cybersecurity risks can be a matter of life and death, warns federal adviser and security expert Anura Fernando, who says ensuring that medical device network connections are properly managed, monitored and secured is "much like keeping a weapon in a safe with the safety on."