Security News > 2023 > July

Smart CISOs are tapping into that enthusiasm and providing developers with the education pathways they want and need, with the payoff being a reduction in common vulnerabilities. The best CISOs know that upskilling is critical to success.

He emphasizes how a data privacy vault can reinforce customer trust by offering protection against data breaches and helping businesses comply with data protection regulations, ultimately leading to customer loyalty and satisfaction. Data privacy vaults are designed to store and manage sensitive data securely.

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. Relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone to view, modify, enhance, and share.

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn't been a corresponding uptick in strategic measures to shore up cyber resilience. Organizations need cyber resilience and data security capabilities in place, too, to recover data and restore business operations, and to do so fast.

Infosec in brief: US senator Ron Wyden thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices." The Chinese hack of Microsoft's hosted email service, you may recall, occurred because suspected Chinese hackers were able to steal an encryption key used for Microsoft account services.

The Data Encryption Policy's purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks, and drives that access or store organization information to prevent unauthorized access to organization communications, email, records, files, databases, application data and other material. This policy from TechRepublic Premium can be customized as needed to fit the needs of your organization.

It's important to maintain accurate infrastructure inventories to support secure and effective network administration. Don't forget about forgotten systems. It's common for technical network audits to surface forgotten systems.

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods. Once Google learns about it, it becomes an n-day, with the n reflecting the number of days since it became publicly known.

Microsoft has quietly announced an enhancement to the Edge browser's dark mode, making it even darker. The current dark mode, characterized by its grey tones, is set to be replaced with a richer black version, providing users with an even darker browsing experience.