The 5th annual DevSecOps community survey for 2018 from Sonatype reveals heightened interest in DevSecOps practices after the recent surge of high profile breaches, as well as highlights security integration statistics among teams with mature DevSecOps workflows. In this blog post, we’ll discuss some of the important findings from the survey of 2...

A teenager faces upwards of 10 years in prison for downloading 7,000 freedom of information releases that contained people's sensitive personal information. On 11 April, Nova Scotia's police raided the home of a yet-unnamed 19-year-old. As many as 15 officers seized computer equipment from the teen, who lives with his parents and siblings and is in...

A newly issued patch plugs more than a dozen vulnerabilities that affect certain versions of an industrial multiport secure router series. On 13 April, Cisco Talos published a report revealing the security weaknesses as part of a coordinated disclosure strategy with Moxa, an automation solutions provider for companies seeking to get the most out of...

For those reading this who were cognizant of such topics as the Internet of Things (IoT) and security architecture back in 2016, you may have had some passing knowledge of the Mirai botnet attacks that showed us all just how risky the present client-server model of IoT can be. At issue is the reality that the vast majority of these kinds of networks...

ISO/IEC 27001 is a set of standards for information security management systems (ISMS) created by the International Organization for Standardization and the International Electrotechnical Commission, both independent, and non-governmental organizations. ISO/IEC 27001 is part of the broader ISO/IEC 27000 family, a set of standards designed to “[help]...

A shopper has filed a class-action lawsuit seeking at least $5 million in damages for a data breach that affected Saks Fifth Avenue and Lord & Taylor. According to Women's Wear Daily, shopper Antranik Mekerdijian filed a class action lawsuit against Hudson's Bay Company, owner of the two luxury...

UPDATED 05/04/18: Zuckerberg has since refuted this story in a call with reporters. As quoted by TechCrunch: Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in...

Online businesses of all sizes need to be able to accept payments today. This really is the only way in which you can buy and sell products and services without a physical presence. It's convenient and economical but there are also some risks associated with it because of the information being shared. Payment gateways are something that you must watch...

It appears we reached a global level of moral outrage surpassing a high warp factor during the week commencing 19th March 2018 with widespread news coverage of the machinations of Cambridge Analytica (CA). [I write as a long-time cynic who did not need to experience last week to know that “I am the product.”] We are all making choices daily – for...

On average, UK businesses lose around £30 billion every year as a result of cyber crime. Unfortunately, the risks are only getting greater and more prominent. Now is the time for you to act. Here are four vital tips for securing your SME in an online world. Identify All Threats “Cyber Risk Reviews must consider your IT in your facilities such as...

A US-based power company has agreed to pay a $2.7 million penalty after inadvertently exposing sensitive data online and violating energy industry cybersecurity standards. According to an electronic filing by the North American Electric Reliability Corporation (NERC) on Feb. 28, the unnamed utility reached the settlement with power regulators...

Public Key Infrastructure (PKI) is the glue that holds the internet together. As the internet has developed into a multi-faceted ecosystem with every single ‘thing’ now considered an internet-connected endpoint, PKI has also had to develop quickly in order to meet the demands of the market. Back in the early 2000s, there weren’t many regulations out...

This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise. Over the course of this series, we’ve broadly examined the dangerous but highly-overlooked cybersecurity threat of malicious insiders. As...

Cloud computing has revolutionized the way businesses operate, and it is growing exponentially. The main advantages provided by this technology include cost optimization where there is no need for a capital expenditure upfront anymore and costs being further reduced by using economies of scale where a large number of organizations are sharing service...

On January 12, 2018, GSA (General Services Administration) posted a request for public comment regarding updates to the General Services Administration Acquisition Regulation that will include new cybersecurity compliance and reporting requirements for federal contractors that access data on unclassified systems. Two regulations in particular will...

Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” and logged data on those that were...

Many people view the Health and Safety at Work Act 1974 as unnecessary and burdensome, but its introduction has had a dramatic impact on reducing accidents in the workplace, particularly within industrial settings. Today, it controls the safety of equipment used on process plants, the time professional drivers may spend behind the wheel, and even...

Everyone in Silicon Valley and the tech industry, in general, is talking about “The Cloud.” “The Cloud” is something that’s not only trendy but also very useful for business. Why deal with the burden of running your own datacenters when companies like Amazon, Google and Microsoft offer third-party cloud services that will be less expensive for your...

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports—nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very...