Security News > 2022 > April

Developers remediate only 32% of vulnerabilities and 42% of them regularly push vulnerable code, a Tromzo report reveals. This is due to the high volume of false-positive alerts and their not...

On the one hand, security leaders and CISOs must be able to communicate strategies clearly - instructions, incident response plans, and security policies. More so than just talking about the dollar value of a security policy, security leaders need to show the importance of processes, tasks, decisions, and how threats and other security risks impact the math.

Trend Micro research revealed a constant battle for resources among malicious cryptocurrency mining groups. Unlike traditional cybercriminal business models, just a few hours of compromise can result in profits for the criminal.

Apple last week patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected. In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 and CVE-2022-22674 in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.

Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. "The threat actors use these fake e-shop applications to phish for banking credentials," ESET said.

In this video for Help Net Security, Jon Fielding, Managing Director at Apricorn, talks about a survey of thousands of Twitter users, around their personal and corporate data and backup habits, processes and procedures. The survey found that over 50% of respondents couldn't remember when, or even if, they have backed up any of their personal data.

Building in security intelligence needs to be part of these digital transformation discussions. What better time than right now for organizations to assess their security posture and inventory their assets? After all, good security implementations and security intelligence are critical for data transformation to occur.

Has cybersecurity training suffered a lot during this process? Cybersecurity and associated training programs should be ingrained within corporate policies and allocated the budget required to succeed - without investment from leadership, good intentions for enhancing cybersecurity training may never be translated into action.

According to this year's report, 84% of responding organizations are experiencing a shortfall of skilled IT security personnel. A whopping 83% of responding organizations are experiencing growth in their security budgets, up from 78% last year.

A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. "These findings show that developers regularly ignore security issues, but can we really blame them?" said Tromzo CTO Harshit Chitalia.