Software Security
March 7, 2024
Via: InformationWeek
Security professionals frequently use the “weakest link in a chain” adage as the basis for their approach to safeguarding their networks, corporate data, and enterprise IT resources. And in many cases, the weakest link that concerns them the most is […]
March 6, 2024
Via: CIO
Read our top tips on how employees can play a key role securing the enterprise when working remotely. Hybrid and remote working have become a permanent feature for the majority of businesses, as shown by multiple studies. However, for IT […]
February 19, 2024
Via: ZDnet
I’ve been using Linux as my primary operating system since 1997 and I have never installed a desktop antivirus solution on any computer. The only exception to that rule has been when I deploy a Linux mail or file server, […]
February 6, 2024
Via: TechBullion
There are several parallels between real viruses and computer viruses. Antivirus software, which offers comprehensive protection throughout the year, is essential for keeping your data and PCs safe from viruses and other dangers. Antivirus software may check for and eliminate […]
January 30, 2024
Via: InfoWorld
Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the […]
January 24, 2024
Via: InfoWorld
Application security company Mobb has released an automatic vulnerability fixer for GitHub users. The tool monitors GitHub pull requests and offers code fixes within software development workflows. Unveiled January 23, Mobb Fixer provides developers with code fixes for security alerts […]
December 21, 2023
Via: InformationWeek
Network equipment giant Cisco on Thursday announced its next big cloud play with a plan to purchase open-source cloud networking and security firm Isovalent to boost its secure networking capabilities across public clouds. Cisco says its acquisition, expected to close […]
December 18, 2023
Via: InfoWorld
I recently moderated a session for the CSO Cybersecurity Summit on building resilience and addressing employee anxiety amid organizational transformation. My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief […]
December 12, 2023
Via: TechSpot
Over the past few days, many users have been pouring onto social media platforms and online message boards, complaining that their PC is freezing up randomly if they are running Avira as their AV software of choice. One affected user […]
December 5, 2023
Via: Ars Technica
It has now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords. 23andMe previously disclosed in a Securities and Exchange Commission filing that 0.1 […]
December 4, 2023
Via: InfoWorld
It’s been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. The question is, how far has security come since then? Do DevSecOps teams have […]
November 14, 2023
Via: InfoWorld
The emergence of cloud-native architectures has dramatically changed the ways applications are developed, deployed, and managed. While cloud-native architectures offer significant benefits in terms of scalability, elasticity, and flexibility, they also introduce unique security challenges. These challenges often diverge from […]
November 7, 2023
Via: InfoQ
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity. Tetragon can […]
November 2, 2023
Via: InfoWorld
In today’s rapidly transforming digital world, APIs have become the linchpin for quick delivery of business functionality. These digital connectors underpin much of the enterprise innovation we witness today, from seamless customer experiences to integrated partner ecosystems. Yet, as the […]
October 31, 2023
Via: CIO
When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover® […]
October 18, 2023
Via: Ars Technica
The Google Play Store might not be perfect for stopping Android malware, but its collection of scanning, app reviews, and developer requirements makes it a lot safer than the wider, unfiltered Internet. The world outside Google’s walled garden has no […]
October 5, 2023
Via: ZDnet
BastionZero’s OpenPubkey, which is a new cryptographic protocol that’s designed to fortify the open-source software ecosystem, is now a Linux Foundation open-source project. Docker is also integrating OpenPubkey, so that you can use it for container signing. This innovative cryptographic […]
August 31, 2023
Via: InfoQ
The Open Source Consumption Manifesto from OpenSSF aims to make the software industry more aware of its responsibility when it comes to ensuring the software supply chain remains secure and healthy. The importance of open source software today cannot be […]
August 11, 2023
Via: InfoQ
Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106. This helps prevent man-in-the-middle attacks against […]
July 24, 2023
Via: InfoWorld
The Log4j vulnerability in December 2021 spotlighted the software supply chain as a massively neglected security surface area. It revealed just how interconnected our software artifacts are, and how our systems are only as secure as their weakest links. It […]