As attackers get increasingly sophisticated in reverse-engineering applications, it is imperative that enterprises secure trusted applications that are reaching back into the datacenter from beyond the perimeter, says Rusty Carter of Arxan Technologies.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.
In an in-depth interview, Golok Simli, CTO at India's Union Ministry of External Affairs, sizes up the shortcomings of the Information Technology Act, 2000 and discusses the ongoing challenges involved in protecting privacy.
Organizations are increasingly incorporating open source code elements into their software development to accommodate agile development methodologies and swift go-to-market requirements, but not many are addressing the security concerns that follow, says CA Veracode CTO Chris Wysopal.
The recent data breach impacting 150 million user accounts of Under Armour's MyFitnessPal application and website offers important lessons for mobile app developers, security expert Joan Pepin explains in this interview.
Organizations are developing new apps at the speed of business. But through the use of vulnerable code, they also are creating new risks just as fast. Chris Eng of CA Veracode offers new strategies and solutions to mitigate open source and third-party risks.
Under Armour says an unauthorized intruder gained access to information for the accounts of 150 million users of its MyFitnessPal mobile app and website. Learn why some fear the breach could lead to a massive phishing campaign.
The unfolding story of Cambridge Analytica, which shows how personal information on millions of consumers was obtained via Facebook, demonstrates the degree to which our personal data can be weaponized against us.
With modern agile development practices, such as DevOps, the time for development has been significantly reduced. So security can no longer be just a step in the process; it needs to be a continuous part of the development lifecycle, says CA Technologies' Ayman Sayed.
Penetration testing can help find vulnerabilities that aren't typically identified by scanning and other monitoring. But the testing comes with some risks, Duke Health CISO Chuck Kelser and pen tester John Nye explain in a joint interview.
Illegal transactions on the internet have long been conducted in the cryptocurrency bitcoin. But underground vendors are accepting new kinds of virtual currency that may be safer to store and offer more privacy protections, according to a new study of 150 dark web markets and forums.
With the explosive growth of the internet of things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks, who offers a strategy.
The web may be largely funded thanks to online advertising, but the threat posted by malicious advertisements continues to escalate. Indeed, the latest malvertising scheme, uncovered by security firm Confiant, served 1 billion malicious advertisements.
We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.
This edition of the ISMG Security Report takes a look at how ready healthcare organizations are for GDPR compliance. Also featured: comments from Alberto Yepez of Trident Capital on the 2018 outlook for information security companies and a summary of the latest financial fraud trends.