A recently discovered flaw that undermines the security of numerous single sign-on (SSO) services has been patched by four major providers. But the risk remains for those who don’t install available patches and those for whom no patch is available yet.
It’s true that SSO’s major selling point is convenience, not security.
It makes it easier, and much quicker, to sign into multiple applications, platforms, servers, and so on.
Posted in Data Breach | Comments Off on SSO flaw fixed for some, but risk remains
The record-breaking, 1.35 TB DDoS attack this past week against code repository GitHub, using Memcached servers—a few have sardonically labeled it Memcrashed—shouldn’t have happened.
Posted in Data Breach | Comments Off on The GitHub Memcached DDoS: It shouldn’t have happened
As malware attacks go, this one was relatively benign. But that doesn’t mean it shouldn’t be taken seriously.
Posted in Data Breach | Comments Off on Small crypto mining attack points to big browser problem
A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days.
Posted in Data Breach, Internet of Things, Software Architecture and Design | Comments Off on In an IoT-filled world, it’s time to be alert in the wake of ‘Hide ‘N Seek’
2017—a turbulent year in application security
From breaches making headlines to exciting new technologies, 2017 was abuzz with conversation around securing applications and the implications of access to personal data. We saw what can happen when sensitive data is not properly secured, providing a sharp reminder of why application security is so important. Looking ahead, we need to reflect on emerging threats, technologies, and practices in application security in 2017, so organizations can prepare for building secure applications in 2018.
Posted in Data Breach | Comments Off on The best way to secure applications in 2018? Learn from 2017
A few reasons for the increase in data breaches: Attackers are getting better, tools are getting more sophisticated, and the attack surface is growing.
Posted in Data Breach, Software Architecture and Design | Comments Off on 2017 saw an increase in data breaches (and most were preventable)
Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees.
Managing an SMB budget
Many factors affect the management of any budget. For an SMB, these factors include (but aren’t limited to) these:
Posted in Cloud Security, Data Breach, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?
Originally posted on SecurityWeek.
Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on Open source vulnerabilities: Are you prepared to run the race?
The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017.
Record number of vulnerabilities
The number of publicly disclosed vulnerabilities in 2017 far exceeds the number from any previous year. Below is a graph generated by the National Vulnerability Database that shows the number of publicly disclosed vulnerabilities by year:
Posted in Data Breach | Comments Off on Top security breaches of 2017 (+2018 cyber security predictions)
In July 2017, PayPal completed its acquisition of TIO Networks for $238 million. TIO Networks, a multichannel payment processor, serves over 16 million consumer bill pay accounts and offers solutions for payment services to financially underserved consumers and consumer services.
Posted in Data Breach, General | Comments Off on PayPal uncovers TIO Networks data breach affecting 1.6 million users