Security needs to keep pace with the application development life cycle to avoid becoming a roadblock, and automation can play an important role, according to David Meltzer and Lamar Bailey of Tripwire.
A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report.
Patch or perish, March edition: Microsoft releases fixes for 65 new vulnerabilities, including two that are being exploited in the wild. Also, Adobe issues updates for Photoshop and Digital Editions following a critical fix for a ColdFusion flaw that was being exploited in the wild.
Automation is the first step toward full-blown machine learning and artificial intelligence. But unfortunately, automation already is being weaponized for malicious purposes, says Fortinet's Derek Manky.
As security and business leaders find a new common language in the discussion of business risk, enterprises need to revisit how they assess, measure and communicate cyber risk, says Kevin Flynn of Tenable.
Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructure.
Too many organizations continue to approach security with a "perimeter defense" mindset despite enterprise networks long having moved past on-premises data centers to myriad cloud services, says Ajay Arora of Vera Security.
Many security leaders recognize the flaws in traditional awareness training, but what is anybody actually doing about it? Keenan Skelly of Circadence describes a new approach that she believes has changed the cybersecurity education paradigm.