Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to...
NTT Security has signed a definitive agreement to acquire WhiteHat Security. NTT Security's Khiro Mishra and WhiteHat Security's Craig Hinkley say the deal will help bring more application security - and DevSecOps - products, services and smarts to more organizations.
As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.
Here's free software built by the National Security Agency called Ghidra that reverse-engineers binary application files - all you have to do is install it on your system. So went the pitch from the NSA's Rob Joyce at this year's "Get Your Free NSA Reverse Engineering Tool" presentation at RSA Conference 2019.
In an exclusive interview, IBM Security GM Mary O'Brien talks with ISMG about her first year in this role, addressing the skills crisis, application security, the cloud and how to defend against cyberattacks.
Security needs to keep pace with the application development life cycle to avoid becoming a roadblock, and automation can play an important role, according to David Meltzer and Lamar Bailey of Tripwire.
Patch or perish, March edition: Microsoft releases fixes for 65 new vulnerabilities, including two that are being exploited in the wild. Also, Adobe issues updates for Photoshop and Digital Editions following a critical fix for a ColdFusion flaw that was being exploited in the wild.
Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, who describes the challenges in an interview.
Just days after Drupal warned of a "highly critical" flaw in its web services modules, hackers came calling, exploiting the content management system vulnerability to install cryptocurrency miners and other malicious software on sites, security experts warn.
Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code. The Drupal project team has released updates to fix the problem, which is already being targeted by hackers.