With the new PCI standards, the Payment Card Industry Security Standards Council intends to reduce credit card fraud. But the new standards may not be enough.
The worst data privacy threat today isn’t data breach but data abuse. Organizations are using AI to learn more about us than we’d ever choose to tell them.
The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?
SEC cyber enforcement actions are powerful incentives for financial institutions to protect investments and customer data from theft and fraud.
The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data.
California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]
On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material […]
A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediating XSS because they misunderstand the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]
Remediating XSS: Does a single fix work? (Posted in Security Standards and Compliance)
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. Watch the episode below: What’s in this week’s Security Mashup, you ask? Cryptocurrency exchange Bancor gets targeted by hackers and loses $23.5 million, two new subvariants of Spectre vulnerabilities have been discovered, […]
Hackers target cryptocurrency exchange, new Spectre vulnerabilities, and healthier healthcare (Posted in Medical Device Security, Security Standards and Compliance, Weekly Security Mashup)
Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]