All software has bugs. But some software has more bugs than others. And some organizations are better at finding and fixing those bugs. Just not those in the public sector. Veracode, the code scanning tool/defect finding tool vendor scans a lot of apps a lot of times. Here is a bit of data that should […]
Continue reading → [DISPLAY_ACURAX_ICONS]Security folks (like me) have been telling people for years that passwords are just not secure enough anymore. Now we have another reason that is true. Companies have been promoting single sign on as a way around the insecurity of passwords, but now, even that is not secure anymore. Multifactor authentication helps, but even that […]
Continue reading → [DISPLAY_ACURAX_ICONS]Incident and Ransomware Reporting Requirement in Just Passed Spending Bill President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]
Continue reading → [DISPLAY_ACURAX_ICONS]The National Institute of Standards and Technology (NIST) announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments. The guide, titled Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, is a collaboration between NIST and many […]
Continue reading → [DISPLAY_ACURAX_ICONS]As the economy begins to recover from the Covid doldrums, IT workers have started to take advantage of their shortage. While this is not exactly a cybersecurity issue, the lack of people on your security team IS a security issue. A recent study by Gartner of 1,700 IT employees in 40 countries found that only […]
Continue reading → [DISPLAY_ACURAX_ICONS]This should make you feel better. Especially under the current situation. Palo Alto Networks Unit 42, an extremely well known and well respected group of security researchers, tested 200,000 network connected infusion pumps used in medical facilities. 75% of the devices tested had security vulnerabilities that would allow hackers to exploit them. The purpose of […]
Continue reading → [DISPLAY_ACURAX_ICONS]