Security News

SAP and IBM have changed the hiring and onboarding process to open up more jobs to non-traditional candidates.

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Pwn2Own is a bug bounty program with a twist.

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

Many security teams are looking to better understand zero trust security and SASE, including whether or not they are mutually exclusive or compatible. What exactly are each of these security models, and how can companies determine which one will be more appropriate for their security teams as they seek to protect the broader business from cyber threats?

Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, a research by Ravelin finds. 72% of retail brands around the world expect to grow fraud teams in the next year, while 76% predict their budget to tackle fraud will increase in the next 12 months - with 20% expecting a "Significant" increase.

Like most companies, you've already come across its shortcoming - and these are amplified since you have a small security team. According to a Cynet 2021 survey of CISOs with small security teams, the biggest pain point in operating threat protection products selected by 51% of companies, and with a significant gap of 38% from the second place, is the overlapping capabilities of disparate technologies.

Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it's willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data.

Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform. The tech giant is offering rewards for vulnerabilities in the Teams desktop client as part of its Application Bounty Program, which will feature additional app-related bounties in the future.

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings.

"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fueled explosion in distributed and remote work has created a perfect storm for network security teams," said Satin H. Mirchandani, President and CEO of FireMon. Five major areas for network security investment Automation - More than 50 percent of organizations are currently investing in automating policy management to safeguard against inefficient and risky functions and 79 percent say they'll implement security orchestration and automation within two years to improve agility and responsiveness.