Security News

The IT audit director develops and schedules internal audits to measure and document whether those IT controls were followed as prescribed. This hiring kit from TechRepublic Premium can give your enterprise a head start on finding your ideal candidate for the IT audit director role.

Streamlining the audit process is not the only benefit of compliance automation. At the same time, automation improves your compliance and security posture as well as the productivity of your compliance program.

Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can let attackers steal information from customers' databases. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progress says in an advisory published today.

Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.

Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break authentication or recover users' long-term private keys. The vulnerabilities have been fixed and Threema has since switched to a new communication protocol they designed with the help of external cryptographers.

Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization's environment that attackers could use to breach their networks. Dubbed Microsoft Defender External Attack Surface Management, this new product provides customers with an overview of their businesses' attack surface, making it simpler to discover vulnerabilities and block potential attack vectors.

Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. For IT admins, Kolide provides a single dashboard that lets you monitor the security of your entire fleet, whether they're running on Mac, Windows, or Linux.

If you're a cloud service vendor, you should be prepared to answer this question from your customers: How can you prove your security and privacy practices are truly secure? An external review validates your existing security practices.

UADAI arranges for collection of the biometrics needed to create an Aadhaar - ten fingerprints, two iris scans, and a facial photograph - through enrollment agencies and registrars and provides authentication-as-a-service using Aadhaar numbers. More than a billion Aadhaar IDs have been issued and over 99 per cent of India adults have enrolled in the scheme.

Attracting talent with nontraditional skills to audit is the top challenge for audit leaders this year, according to Gartner. A July 2021 survey of 166 audit leaders revealed that making the leap to more advanced analytics applications, improving IT auditing practices, and providing sufficient assurance over cybersecurity were also serious concerns for audit leaders in 2022.