To mitigate the newly discovered Bash bug - AKA Shellshock - which may make millions of systems vulnerable to remote takeover, organizations must take several key steps, says security expert Alan Woodward.
Initial reports suggested that Russian hackers could behind an attack against JPMorgan Chase, and perhaps other U.S. banks. While it's still far from clear who the culprits are, experts discuss the potential hacking motivations of a nation-state.
As more organizations accommodate employees' demands to use mobile devices, ensuring the security of the applications on those smart phones and tablets has become critical. That's why NIST is developing new apps testing guidance.
For too long, code writers have been measured on the features built into their applications - not the potential security vulnerabilities. It's time to change that perspective, says Maty Siman of Checkmarx.
Target needs someone who is up for the challenge of evaluating the entire security landscape of the global retail giant, asking tough questions, making changes to mitigate risk - all to help earn back trust.
The fact that the U.S. federal government would, under some circumstances, exploit software vulnerabilities to attack cyber-adversaries didn't perturb a number of IT security providers attending the 2014 Infosecurity Europe conference in London.
A hot topic among U.S. federal government security managers and other infosec pros is developing a process to vet mobile applications. The National Institute of Standards and Technology is offering a solution called AppVet.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
Senior leaders in business and government are buying in to the need for more cybersecurity investments as well as threat-intelligence sharing, new research shows. But why are they still struggling to hire the right security pros?