Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk.
Researchers say hackers are increasingly using Indian government websites to mine cryptocurrencies. Security experts urge government authorities to take steps to mitigate the risks of cryptojacking, which can cause performance problems.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
In addition to its use for improving cloud security, cloud access security broker software can play a role in managing shadow IT and controlling sanctioned IT, says Satyavathi Divadari, director of cybersecurity at Cognizant Technology Solutions.
More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.
India is seeing a surge in government website defacements and data leaks that apparently are tied to nation-states. But if key stakeholders from all sectors collaborate, using appropriate skills and technologies, they can fight off these threats.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
The National Payment Corporation of India, the umbrella organization for all retail payments systems, has asked banks to discontinue Aadhaar-based payments through Unified Payments Interface and Immediate Payment System channels.
Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.
The issue of access management and vulnerable software applications has come back to haunt the Unique Identification Authority of India which manages the Aadhaar database containing biometrics and personal information of over 1 billion Indians.
The recent case in which Singapore's OCBC bank suffered a few hours of outage because of an apparent lack of proper monitoring could lead to bigger security issues unless the management and security team of the bank take appropriate steps.