Twitter security exec-turned-whistleblower Peiter Zatko today listed alleged security and privacy shortcomings of the social media company for a Senate panel. "It's not farfetched to say that an employee inside the company could take over the accounts of all of the senators in this room," he said.
Over the past few years, the concept of vulnerability management has grown beyond crucial network scans to include the security of applications and a growing number of endpoints. It’s the cornerstone of a proactive security strategy that incorporates the best of both offensive and defensive security tactics.
The national network for connecting medical centers with donated human organs faces doubts about its ability to secure data amid concerns about its IT infrastructure. A federal watchdog has reviewed the Health Resources and Services Administration and United Network of Organ Sharing.
Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.
Britain's Conservative Party is holding a leadership contest, with the winner set to become the country's next prime minister. But the balloting process has been delayed after the National Cyber Security Center warned that hackers could abuse a process allowing members to change their online vote.
Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.
Our security experts predict an action-packed year, and suggest you buckle your seatbelt. Get the latest on key trends, including:
Ransomware + supply chain = big new challenges.
Are cloud providers too ripe a target?
Threat intel is in for a makeover.
Most of what you need to know about security you’ve...
As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom expressed a need to update the law, last modified in 2014, and focus more on outcomes than on processes and compliance.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.
John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.
Threat actors are focusing a lot on Active Directory today as it is a path for them to reach an organisations key data & applications. The versatility of Active Directory makes it a crucial target for hackers. Organisations learn new ways on how to protect this valuable target and mitigate the risks. Organisations...
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings.
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements including custom/proprietary code, open source components, and application configuration pose challenges for independent verification and validation (IV&V) and audit and testing teams.