75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip
Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in VulnerabilitiesAI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.
CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC EngineeringAs NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.
Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On AccessA surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among the services being targeted.
Security chief says criminals are already automating workflows, with full end-to-end tools likely within years CISOs must prepare for "a really different world" where cybercriminals can reliably automate cyberattacks at scale, according to a senior Googler.…
The botnet’s still alive and evolving Badbox 2.0, the botnet that infected millions of smart TV boxes and connected devices before private security researchers and law enforcement partially disrupted its infrastructure, is readying for a third round of fraud and digital attacks, according to one of the threat hunters who uncovered the original scheme.…
Attorney Jonathan Armstrong on AI Security, Legal Risks Related to EU AI ActAI regulation is evolving fast, and many businesses may already be violating key provisions without realizing it. Jonathan Armstrong, partner at Punter Southall Law, warns that companies may be using high-risk AI applications without security teams even knowing.
Expect Malicious Insiders to Pose 'Big Challenge' This Year for CISOs, Expert WarnsThe current "tumultuous environment" for employees and job-seekers across business and government - with numerous layoffs, economic concerns and political chaos - is increasing the risk posed by trusted insiders, making for a "big challenge for CISOs this year," says Forrester's Allie Mellen.
CISO Jon France on Talent Shortage, Skills Gap in ISC2's 2024 Workforce StudyISC2’s 2024 Cybersecurity Workforce Study warns of a stagnant workforce, a growing skills gap and a shortage of 4.8 million cybersecurity professionals worldwide. Despite increasing demand, many organizations struggle to fill critical roles, hindered by budget constraints and skills shortages.
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Rockwell's dire ICS warning; a red alert on biometrics; cybersecurity for the Hajj season.
Large language models promise to enhance secure software development life cycles, but there are unintended risks as well, CISO warns at RSAC.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.