Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses.The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft.The cases go ba

In the old world, applications generally consisted of a web server, an app server and a database. Traffic went from router to switch to firewall. There was a network perimeter, which was our ingress. That was then, this is now. With the cloud, containers and microservices, we’re navigating an environment that includes clients, proxies, web servers, app

An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user’s approval.In an advisory released on September 24 — first spotted by TechCrunch — Apple informed customers that it’s working on an update that should fix the issue.The company explained th

A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals.The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas.Links sent to

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.Cycode provides a platform designed for source code control, detection and response. The solution should help organizations concerned about the exposure of intellectual property (IP) found in source code. While

Windows 7 and Windows Server 2008 will officially reach end-of-support on January 14, 2020, but they will continue to receive security patches past that date, unofficially.Microsoft will still provide support for some customers through Extended Security Updates (ESU), but the majority of systems still running Windows 7 or Windows Server 2008 will no longer r

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th

As cyberthreats make headlines, companies across the globe are working hard to develop efficient IT infrastructures capable of protecting sensitive data and maintaining compliance with privacy regulations. Although it checks both of these boxes, many organizations have been hesitant to adopt encryption due to cost, operational impact, the complexity of key m

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating

As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take t

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac

On July 17, IBM unveiled its z14 mainframe server, which combines the traditional mainframe hardware with new capabilities in areas such as cloud, cognitive, analytics, application management, blockchain, machine learning and more. Most importantly, z14 includes enhanced security features — namely, pervasive encryption — to help clients stay one step ahead

The Internet of Things (IoT) is here, but is your security program ready to handle it? For many reasons, such as network complexity, limited visibility, politics and other challenges that come along with emerging technologies in the enterprise, your organizations is likely underprepared. To get up to speed, a good place to start is your application security