Cybersec News

Many Medical Device Makers Skimp on Security Practices

Barely over a quarter of medical device companies surveyed maintain a software bill-of-materials, and less than half set security requirements at the design stage. ...

Sophos Buys Alert-Monitoring Automation Vendor

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says. ...

FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain

Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement. ...

Early Discovery of Pipedream Malware a Success Story for Industrial Security

Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising. ...

Apple’s Zero-Day Woes Continue

Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year. ...

NSA Employee Indicted for Sending Classified Data Outside the Agency

Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions. ...

What You Need to Know About PCI DSS 4.0’s New Requirements

The updated security payment standard's goal is to “address emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says. ...

More Than Ever, Security Matters

Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences. ...

Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks

CISA urges organizations using affected technologies to implement recommended mitigation measures. ...

GitLab addresses critical account hijack bug

Monthly release also addresses pair of stored XSS flaws ...

PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers

Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability ...

Latest web hacking tools – Q2 2022

We take a look at the latest additions to security researchers’ armory ...

Spring4Shell: Spring users face new, zero-day vulnerability

Both security bugs are now reportedly being exploited in the wild ...

Half of Orgs Use Web Application Firewalls to Paper Over Flaws

WAFs remain a popular backfill for complex and fraught patch management. ...

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks

The maintainer of a widely used npm module served up an unwelcome surprise for developers. ...

CyCognito Launches Exploit Intelligence

Risk intelligence solution provides insight, visibility, and guidance to identify, prioritize, and remediate vulnerabilities like Log4j ...

A Chance to Raise Shields Right

CISA's "Shields Up" alert provides urgency — and opportunity — for supply chain conversations. ...

Menlo Security: Less Than Three in 10 Organizations Are Equipped to Combat Growing Wave of Web-Based Cyber Threats

Report finds that 62 percent of IT decision makers have suffered a browser-based attack in the past 12 months. ...