Security News

January 2021 Patch Tuesday forecast: New focus on security and software development
2021-01-08 08:21

Many predictions said we were due for another major cyberattack leading into 2021, but no one foresaw this type of attack and the impact it had, leading to a new focus on security and software development. The compromise of SolarWinds brings into question the security practices of all software developers, including topics such as patching of development machines, outsourcing of code development, control and understanding of code functionality through mergers and employee turnover, code reviews and other techniques to identify security issues and many others.

Caveonix raises $7.3M to continue innovation, market expansion and strategic partnership development
2021-01-06 01:00

The first digital risk management platform built for the hybrid cloud, Caveonix RiskForesight dramatically reduces overall cost of compliance by establishing a uniform Risk Management Control Plane that overlays an enterprise's data centers, private clouds, and public cloud deployments. Through this funding, Caveonix will continue expanding in several key areas of product and business development.

Datadog and Snyk unveil GitHub integration to automate software development workflow
2020-12-14 00:45

Datadog announced the Datadog Vulnerability Analysis GitHub Action, Datadog's first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow.

Avnet expands its product line for rapid IoT development by launching the AVT9152 module
2020-12-09 02:00

Avnet expanded its product line for rapid Internet of Things development with the launch of the AVT9152 module, designed for a range of embedded applications requiring cellular connectivity yet demanding low power consumption and minimal component size. "Our new module takes advantage of some of the industry's best SiP and SoC technology from Nordic Semiconductor to strike that balance for engineers. The AVT9152 is ideal for IoT applications when low power and small size are at a premium and is the latest addition to Avnet's robust technology ecosystem."

U.S., Australia Partner on Virtual Cyber Training Range Development
2020-12-07 13:10

The United States and Australia on Friday announced a partnership for the continuous development of a virtual cyber training range. The Cyber Training Capabilities Project Arrangement, which was signed on November 3, results in the incorporation of Australian Defense Force feedback into the U.S. Cyber Command's simulated training domain, the Persistent Cyber Training Environment.

(ISC)² adds new cybersecurity courses to its Professional Development Institute portfolio
2020-12-04 02:00

continued to build out its Professional Development Institute portfolio in 2020, which now includes 40 courses. These comprehensive online courses are developed to help the workforce continue to learn about the latest cybersecurity trends, practices and issues.

eBook: Secure Software Development
2020-11-23 03:30

Secure software development and DevSecOps are growing in importance as organizations increasingly rely on cloud infrastructures for critical applications. In the² eBook, The Art & Science of Secure Software Development, CSSLPs around the world share how becoming certified has helped them advance their careers - and avoid costly errors.

The effectiveness of vulnerability disclosure and exploit development
2020-11-19 06:00

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development. The analysis of 473 publicly exploited vulnerabilities challenges long-held assumptions of the security space - namely, disclosure of exploits before a patch is available does not create a sense of urgency among companies to fix the problem.

Guide: Security measures for IoT product development
2020-11-10 04:30

As organisations cannot always control the security measures of their supply chain partners, IoT supply chains have become a weak link for cybersecurity. "Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services. Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT," said Juhan Lepassaar, Executive Director, ENISA. In the context of the development of the guidelines, ENISA has conducted a survey that identifies the existence of untrusted third-party components and vendors, and the vulnerability management of third-party components as the two main threats to the IoT supply chain.

Development Bank of Seychelles Hit by Ransomware
2020-09-14 11:02

The Central Bank of Seychelles on Friday announced that the network of the Development Bank of Seychelles was recently targeted in a ransomware attack. CBS has been engaging with DBS to establish the exact nature and circumstances of the incident and closely monitor the developments, including the possible impact on DBS' operations," the bank said in a Friday announcement.