HP gives software robots their own IDs to audit their activities

Posted on February 14th, 2019 by Responsible Cyber

Robots are replacing employees in the enterprise, especially those who perform repetitive tasks. So-called robotic process automation (RPA) involves software programs that perform predetermined tasks on a daily, weekly or monthly basis. A good example would be checking invoices in an accounts receivable department or performing end-of-month accounting. There’s a problem here, though. How do […]

Apple App Store stuffed with hardcore porn and gambling apps

Posted on February 14th, 2019 by Responsible Cyber

by Lisa Vaas. Apple’s easily abused Enterprise Certificate program isn’t just letting snoopy Facebook and Google apps slide into its App Store, it turns out: It’s also being exploited by, at the very least, a dozen hardcore porn apps and a dozen gambling apps. Last week, Facebook’s Research app – that paid people, including teens, […]

How ADP identifies and reduces third-party risk

Posted on February 6th, 2019 by Responsible Cyber

Today’s modern enterprise is far from a self-contained monolith, but rather the center of a vast web of interconnected suppliers, vendors and customers, all of which introduce risk for a CISO to deal with. Managing that risk is by no means a solved problem, but CSO50 winner ADP’s new Global Third-Party Risk Management framework has […]

Japan Authorizes IoT Hacking

Posted on January 30th, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-7168 (published 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. CVE-2019-7169 (published 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title […]

Ukraine Sees Surge in Election-Targeted Cyberattacks

Posted on January 30th, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-7168 (published 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. CVE-2019-7169 (published 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title […]

Data Supports DevSecOps Practices

Posted on January 30th, 2019 by Responsible Cyber

In this episode, we will look at the emergence of DevSecOps in the enterprise. Tim Jarrett, Senior Director of Product Marketing with Veracode, joins us to explain the goal of building security into the software development process at the outset. Listeners will learn more about: what research says about the effectiveness of DevSecOps; the core […]

Remote Access & the Diminishing Security Perimeter

Posted on January 30th, 2019 by Responsible Cyber

Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems. Long gone are the days of the physical perimeter, where a company’s IT infrastructure was entirely on-site. Today’s increasingly decentralized enterprises depend on a workforce that operates both at home and on mobile devices, […]
