To prevent data breaches, practice these two fundamentals: shift left (perform application security testing early and often in your SDLC), and always patch.
Posted in Data Breach | Comments Off on Patch now or pay later: Report
The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.
Posted in Data Breach, Healthcare Security, Maturity Model (BSIMM) | Comments Off on More medical mega-breaches thanks to third-party insecurity
An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.
Posted in Data Breach, Software Architecture and Design | Comments Off on The Verizon DBIR and the art of the breach
The GDPR fines issued so far have been small, but breach notifications are up. As GDPR continues to ramp up, it seems likely to achieve its goals of privacy.
Posted in Data Breach, Security Standards and Compliance | Comments Off on GDPR: Not heavy-handed yet, but driving data breaches into the open
Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then.
Posted in Data Breach, Healthcare Security | Comments Off on Throwback Thursday: Whatever happened to Anthem?
Patching issues fast is a step toward software security. But as the Click2Gov breaches show, zero-day vulnerabilities resist even the most persistent patchers.
Posted in Data Breach | Comments Off on Click2Gov breaches show the power of zero-days
The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.
Posted in Data Breach, Open Source Security | Comments Off on Security lessons from the House Oversight and Government Reform Committee
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:
Posted in Data Breach, General | Comments Off on Cooking up digital privacy, indecent (data) exposure, and just another zero-day
Facebook CEO Mark Zuckerberg has had to use variations of the word “serious” a lot over the past year—most notoriously regarding the social media giant’s sale of member data to Cambridge Analytica, which was viewed as affecting the 2016 presidential election.
Posted in Data Breach | Comments Off on Things get ‘seriously’ insecure yet again for Facebook
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s episode here:
Posted in Data Breach, General | Comments Off on Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats