The DoD Isn’t Fixing Its Security Problems

It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. The status of various efforts…

Bug Bounty Programs Are Being Used to Buy Silence

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing. However, CSO’s investigation shows that the bug…

The Insecurity of WordPress and Apache Struts

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a…

CISO View Insights: Securely Scaling RPA Initiatives

According to a recent Deloitte study, robotic process automation (RPA) continues to meet and exceed expectations across multiple business dimensions including improved compliance (92%), improved quality and accuracy (90%), improved productivity (86%) a…

Research: Email remains a weak link in U.S. election infrastructure

As we head into the 2020 election season in the United States, a key component of the U.S. election infrastructure remains vulnerable to attack. Only 5% of the country’s largest counties are protecting their election officials from impersonation,…

More on Law Enforcement Backdoor Demands

The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: "Moving the Encryption Policy Conversation Forward." The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications systems: Conclusion: There will be…

Are You Spending in the Right Places to Break the Cyber Kill Chain?

The shift that organizations are undergoing as they move customer and citizen data online, push new services, create new ways to interact, and improve supply chain efficiencies is one of the most seismic things to…