India's urban cooperative banks need to take a holistic approach to build a security governance structure, opt for an ASP services model and map their business-critical risks to comply with the RBI's security posture guidelines, according to a panel of experts.
Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.
Every Tuesday, Microsoft releases fixes for all vulnerabilities affecting Microsoft products, and this report compiles these releases into a year-long overview, creating a holistic view of trends related to vulnerabilities and how many Microsoft vulnerabilities could be mitigated if admin rights were removed from...
The Secure Access Service Edge - or SASE - model can help CISOs make incremental progress on enhancing security while designing a long-term strategy, says Siddharth Deshpande, director of security strategy for Asia-Pacific and Japan at Akamai Technologies.
Penetration Testing has been around for years, but many organizations are missing the mark when it comes to utilizing this security powerhouse. While they understand the need for a penetration test, organizations are challenged with understanding the right level of risk assessment for the organization, the ROI...
To battle against a surge in cybercrime during the COVID-19 pandemic, enterprises need to take several steps, including periodic vulnerability and risk assessment tests and regular audits, says Rajan Pant, founder of IT-SERT of Nepal. Pant also is calling on the government to take action.
The main methods that organizations use to verify that their systems and data are protected, are vulnerability scans and penetration tests. However, these do not provide a continuous and complete evaluation of an organization's security posture; especially when it comes to more sophisticated, multi-vector...
The government of India is testing a new instant messaging service for government officials to help ensure the confidentiality of official communications and prevent the leaking of sensitive information.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.
The DHS says the defacement of a U.S. government website over the weekend is not linked to Iranian state-sponsored actors. Attackers posted a pro-Iran message with a photo of President Donald Trump being punched in the face. The website, belonging to the Federal Depository Library Program, is now offline.