Security News
Researchers identified the top seven success factors that boost enterprise security resilience, focusing on cultural, environmental, and solution-based factors that businesses leverage to achieve security. Resilience has emerged as a top priority as 62 percent of organizations surveyed said they had experienced a security event that impacted business in the past two years.
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. In October, Apple fixed a zero-day in the iOS Kernel.
Best industrial IoT security solutions. FirstPoint: best for cellular IoT connectivity. FortiNAC is the network access control solution by Fortinet, which provides security for networks with IoT. Its security capabilities protect networks against IoT threats, enable control of third-party devices and come with automatic features that respond to different security-related stimuli.
Veracode has revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk, meaning they would cause a critical issue for the application if exploited. "Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code, and its potential impact on the application, provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training," said Chris Eng, Chief Research Officer at Veracode.
Security teams should onboard a SaaS Security Posture Management solution, like Adaptive Shield, that provides full visibility and control across a critical mass of SaaS apps in the SaaS stack. Security teams should be able to use the solution to gain context into security alerts and gain answers to questions like: Which users are subject to a certain misconfiguration? Are they admins? Is their MFA enabled? By having these answers at their fingertips, security teams can enforce company and industry policies to remediate potential risks from any misconfiguration.
In brief: Let's start with the good news: according to a survey of security and business leaders, executives have become far more aware of the importance of cyber security in the past two years, better aligning security teams and leadership. It's been more of the same, cyber security firm LogRhythm wrote in its 2022 State of the Security Team report.
As companies undergo the shift to Kubernetes, security must be considered throughout the entire data lifecycle for IT teams who are constantly facing potential data breaches, delays, and inadequate security features that cannot easily be fixed: 94% of DevOps professionals experienced at least one Kubernetes security incident in the past year. As Kubernetes poses unique and complex challenges that leave many exposed to outside threats, developers must work to ensure their applications are safeguarded from outside risks.
Respondents overwhelmingly indicated that customers and partners are demanding higher standards, highlighting that security has evolved beyond internal consideration. Ninety-one percent reported that their company's security strategy and practices must now align to customers' security policies and standards.
Responding to the increasing complexity of the global cyberthreat environment, Apple has released three new security features: iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in early 2023.
Inadequate security testing and a lack of business logic have resulted in an overall rise in API security risks. The API threats to eCommerce security are potentially devastating to retailers and customers.