Seattle police have charged an online retailer's "shopping experience" software programmer with engineering a fraud scheme based on the movie "Office Space," in which malicious software was used to transfer a fraction of every transaction into an outside account.
In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.
Phishing and other socially-engineered schemes are going to get bolder, the attack surface is only going to get bigger, and enterprises everywhere are going to have to focus more on building cyber resilience. These are among the New Year's predictions from Zoom's new CISO, Michael Adams.
Information Security Media Group asked some of the industry's leading cybersecurity experts about the trends to watch in 2023. Responses covered a variety of emerging threats and evolving trends affecting security technologies, leadership and regulation. Here is a look at the year ahead.
With application GRC more critical than ever in today's dynamic, dispersed environment, what are the critical capabilities needed in a solution? Keri Bowman of Saviynt offers six recommendations, including risk reporting and out-of-the-box rule sets and compliance management.
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of its source code in its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.
The $250 million acquisition of Cider Security will allow Palo Alto Networks to secure a piece of code from development to its implementation in a runtime environment. CEO Nikesh Arora says the company must understand the tool sets and open-source widgets coming into the customer's supply chain.
The U.K. government on Friday released voluntary code of practice that will be monitored for compliance. The guidelines tell operators and developers to ensure that apps receive updates to fix security vulnerabilities and call for every app developer to establish a vulnerability disclosure process.
Approov has landed a new CEO to help the mobile security upstart expand in the United States and capture more healthcare and financial services customers. The Silicon Valley-based company has captured high-profile European customers such as BMW from its development center in Scotland.
Akamai's acquisition of Guardicore allowed the company to extend from protecting public-facing web content and APIs to safeguarding internal applications and data, says CEO Tom Leighton. The $600 million deal will allow the Boston-area firm to blend its public-facing and internal security assets.
Software has increasingly relied on components developed by third parties or from open-source libraries, which Aqua Security CEO Dror Davidoff says injects additional risk. On-premises environments are still managed in more traditional ways, with the development and production phases totally siloed.
Organizations should build apps and design development workflows in a way that embraces how quickly cloud-native architectures change, says Snyk Solutions Engineer Iain Rose. Unlike traditional on-premises environments, containerized applications are designed to be ephemeral, Rose says.
The need for AWS security has increased as S3 buckets have evolved from a dumping ground for data to the home for critical cloud-native applications, says Clumio co-founder and CEO Poojan Kumar. Information in S3 buckets is susceptible to both accidental deletions and cyberattacks.
The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.
This edition of the ISMG Security Report discusses how Australian health insurer Medibank is facing stark consequences for not paying a ransom to a group of cyber extortionists, how to limit unnecessary cybersecurity exposure during M&A, and how to manage challenges in hybrid environments.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.