Security News

Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle
2020-07-10 00:29

A notice emitted by the certificate biz explained that a number of its intermediate certificate authorities had issued EV certs to customers despite not being included in DigiCert's WebTrust audits - which goes against the rules for EV certs. "Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT."

A Boxcryptor audit shows no critical weaknesses in the software
2020-07-01 00:15

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation. The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

ISACA unveils new audit program for effective incident management
2020-03-05 02:00

In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas, like detection and analysis, forensics, and change management during program implementation, as well as control objectives, controls and testing steps in a customizable spreadsheet.

PCI DSS Compliance Between Audits is Declining: Verizon
2019-11-12 17:14

Companies subject to PCI DSS security requirements are audited once per year, yet many of these companies continue to be breached. It is not that PCI DSS fails, but that companies fail to maintain...

Top concerns for audit executives? Cyber risks and data governance
2019-11-12 05:30

As organizations continue to collect customer and employee data, chief audit executives (CAEs) are increasingly concerned about how to govern and protect it. Gartner conducted interviews and...

Key challenges impacting IT audit pros navigating an evolving risk landscape
2019-10-17 05:30

Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide. Asked to identify their biggest technology...

Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator
2019-10-09 16:48

A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator.

HITRUST issues guidance for relying on work of internal audit departments in CSF assessments
2019-09-16 02:15

HITRUST, a leading data protection standards development and certification organization, released updated guidance for placing reliance on the results of previously performed audits, assessments,...

Kubernetes security matures: Inside the project’s first audit
2019-08-12 05:15

Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit...