According to Veracode, the government isn’t very good at fixing software flaws. In fact, of 7 vertical segments, they rank last. The financial and manufacturing sectors do best at fixing vulnerabilities. Healthcare organizations don’t do well and cloud vendors (SaaS) fail the OWASP top 10 almost 75% of the time. Given this, it is not […]
Continue reading → [DISPLAY_ACURAX_ICONS]I guess that is their version of “Houston, we have a problem”. The State Department posted a press release on their web site YESTERDAY that says that they have been having problems issuing visas and passports for two weeks. The State Department usually issues about 50,000 visas a day. Last week, they issued about 1,500 […]
Continue reading → [DISPLAY_ACURAX_ICONS]The WSJ Blog had a guest post from Deloitte talking about why the U.S. electric grid is still vulnerable to attack. The short answer is that the grid is being used and managed in a way that it was never designed to operate and the utilities and manufacturers have not adjusted to that fact (see […]
Continue reading → [DISPLAY_ACURAX_ICONS]It is common, if not automatic, for companies that have their information systems breached to offer credit monitoring services, and this includes medical record breaches. Consumers can also pay companies like Lifelock to provide the same services. The question is do they work and the answer is, for the most part, not really. Brian Krebs […]
Continue reading → [DISPLAY_ACURAX_ICONS]Larry Ponemon surveys companies every year to see how cost of dealing with breaches is trending. This year shows, among other things, that it costs companies an average of $217 per record breached. That means, on average, a small breach of say 10,000 records still costs $2 million. If you assume his numbers are high, […]
Continue reading → [DISPLAY_ACURAX_ICONS]Another day, another software supply chain exploit. This time, Zytel and D-Link have confirmed that their routers have the bug, but researchers think products from Netgear, TP-Link, Trendnet and other vendors are vulnerable. Already 90 plus products from more than 20 vendors have been potentially identified as vulnerable. Only TP-Link has announced a patch. The […]
Continue reading → [DISPLAY_ACURAX_ICONS]