Security News

Australia is building a digital ID and information verification system called Trust Exchange, or TEx, that will see the Government verifying customer details for businesses via a smartphone app.

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges....

A new study finds that these threats remain top of mind for 78% of U.S. technology leaders as more SaaS apps find their way into the enterprise. Although enterprises have been prioritizing data privacy and security, their continued reliance on SaaS and cloud offerings means they remain at risk, according to the The SaaS Disruption Report: Security & Data by Onymos and Enterprise Strategy Group.

In this Help Net Security video, Mike Lexa, CISO and Global VP of IT Infrastructure and Operations at CNH, discusses how the federal government is taking food security more seriously and what steps must be taken to prioritize security measures. What might happen if our food systems were disrupted?

According to user reports following this month's Patch Tuesday, the August 2024 Windows security updates are breaking dual boot on some Linux systems with Secure Boot enabled. [...]

ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.

Any regional cultural differences, the particular industry sector, the underlying company structure, the lack of awareness and knowledge of security norms, and conflicting business priorities, can all weigh on any planned change to team culture and security behaviors. Traditionally, the security function has been perceived as the department of "No." Therefore, the primary goal of the security team must be to replace this rules-bound, inflexible, autocratic perception of the security function to one that is open, transparent, positive, creative and collaborative.

To truly harness the most benefit from AI in application security, security professionals should adopt an application-centric approach that automates change management processes, identifies security risks, and ensures compliance. AI's limitations in application security stem from the need for high-quality data to train AI models and the significant possibility of false positives at scale.

Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. 35% of exposed API keys still active, posing major security risks.

With the increasing reliance on complex and global supply chains, more companies are exposed to a wide range of risks, including theft, counterfeiting, cyberattacks, natural disasters, geopolitical conflicts, and regulatory changes. This customizable policy, written by Franklin Okeke for TechRepublic Premium, outlines the necessary measures and standards that will enhance the resilience of a supply chain.