A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.
Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.
The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing a new survey.
Social engineering is typically used to trick human beings to gain unauthorized access to computer networks and steal personal information, financial data or intellectual property. It is now becoming popular as a career option for ethical hackers, said Alethe Denis of Bishop Fox.
Many organizations are finally improving basic cyber hygiene, but the major problem facing defenders and governments is how to achieve scale across all sizes of businesses including nonprofits around the world, said Phil Reitinger, CEO and president of Global Cyber Alliance.
2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. Organizations are struggling with prioritizing hardware and software vulnerabilities.
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
Hackers are attempting to infect a consumer-grade Wi-Fi router model with Mirai botnet malware following the discovery of zero-days in the device in a December hacking competition. TP-Link released a patch in mid-March. Telemetry shows infections in Eastern Europe and elsewhere.
In today's development environment, securing web applications is crucial. Traditional application security testing techniques like DAST can be inaccurate and generate many false positives. Interactive Application Security Testing (IAST) offers a more advanced and accurate approach to testing application...
Among the flaws in the traditional approach to pentests is that they are conducted too infrequently and vary greatly in terms of quality, depending on the experience of the pentester. They often lack sufficient breadth and depth to provide real assurance that no security holes remain undetected, and they take a long...
When the Desert Research Institute (DRI) of Reno, NV, a higher education organization focusing on applied environmental research, needed a way to run penetration testing and vulnerability scanning at an affordable cost, they looked towards a way to integrate both processes.
As a soft-funded organization, DRI is...
At Regina International Airport, everything that has a network cable, wireless signal, or power cord is something Sean McKim, Manager of Technology, cares about. With over 1,700 IP addresses on the corporate side and fluctuating numbers of visitors moving through the airport every single day – YQR is Canada’s 15th...
Most mature security organizations perform some regular penetration testing by internal teams, consulting, or both. However, in today’s realm of fast-moving technology changes and complex on-premises and cloud infrastructure, performing regular pen tests can be challenging for a variety of reasons.
First, most...
When it comes to vulnerability management, gone are the days when basic scanners were enough. Security teams must fend off increasingly sophisticated threats while making the most of their staff and budget. This requires the high level of accuracy, automation, and efficacy that only enterprise-grade, risk-based...
The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.