Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company. It's workaday botnet data, but it highlights a hostile malware landscape, particularly for people still inclined to download pirated software.
“Work from anywhere” is a game changer, and it has significant impacts on certificate lifecycle management. Patrick Nohe of GlobalSign discusses the new, strategic approach security leaders need to take for CLM.
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
Vulnerabilities due to "coding errors" in a number of mobile banking applications make them all too susceptible to hacking and customer account data theft, the security firm Positive Technologies warns.
The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
Did security vendor Cylance lean too heavily on decade-old research into weaknesses in a still-used electronic voting machine in order to get pre-election day headlines? A company spokesperson says no.
"Align technology with businesses" is an old phrase. But information security is now part of this change, making strides to align with growth as a business enabler. Enter: the converged technology operations center.