Wyze Camera Vulnerability
2022-04-04 11:13

Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case you’re wondering, no, that is...

Emma Sleep Company admits checkout cyber attack
2022-04-04 10:29

Emma Sleep Company has confirmed to The Reg that it suffered a Magecart attack which enabled ne'er-do-wells to skim customers' credit or debit card data from its website. The company confirmed to us it was a Magecart attack via the ubiquitous Adobe Magento e-commerce platform.

82% of public sector software apps have security flaws
2022-04-04 08:00

Veracode analyzed data from 20 million scans across half a million applications, which revealed that the public sector has the highest proportion of security flaws in its applications, and fix rates are low too. 60% of flaws in third-party libraries in the public sector remain unfixed after two years.

Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition
2022-04-04 06:58

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

The challenges of consumer data and PII usage
2022-04-04 06:08

In this Help Net Security video, Nong Li, CEO at Okera, talks about the challenges of using and managing consumer data and PII. As consumer and PII data get tracked more and more, businesses can drive value and transform how they operate by leveraging some of that data. What is essential for organizations is that, while leveraging this data, they must make sure to follow data compliance regulations.

The CISO as brand enabler, customer advocate, and product visionary
2022-04-04 06:00

Where should the CISO report for maximum effect? How does the CISO gain that valuable seat at the executive table, and a regularly scheduled time slot every quarter in front of the board? Is it possible that broad technical competency may be superior to deep technical expertise for this C-level role? And if you are the CISO who thought you signed up for an IT-centric, inward-facing role, I have a few nation-state and cybercriminal actors to introduce to you. It's clear that your organization's brand is as much an asset as the devices and networks that the CISO is charged with protecting - in fact, the brand may be your organization's largest single asset.

New and less known cybersecurity risks you should be aware of
2022-04-04 05:30

In this interview with Help Net Security, Zur Ulianitzky, Head of Security Research at XM Cyber, gives insights on new and less talked about cybersecurity risks organizations should look out for, and what they should do to keep themselves secure and protected from these threats. We are seeing many cybersecurity risks taking the spotlight recently, but what about new and less discussed ones?

Security flaws found in 82% of public sector software applications
2022-04-04 05:00

Veracode has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. The research found that compared to other industries, the public sector has the highest proportion of applications with security flaws, at 82 percent.

Mainframe still powering critical business operations
2022-04-04 04:30

Rocket Software released a report based on a survey of over 500 U.S. IT professionals in firms using mainframes. The survey focused on their priorities, challenges and plans for leveraging their mainframes going forward, and the report illustrates just how critical the mainframe continues to be for businesses today. Modernizing the mainframe plays a critical role in helping businesses overcome some of their most pressing challenges, including protecting their investments in technology, closing the skills gap and integrating new technology for a unified IT environment.

Vulnerabilities and cyberattacks that marked the year 2021
2022-04-04 04:00

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. Researchers analyze thousands of vulnerabilities each year to understand root causes, dispel misconceptions, and share information on why certain flaws are more likely to be exploited than others.