How the Best DevSecOps Teams Make Risk Visible to Developers

Posted on March 14th, 2019 by Responsible Cyber

DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives. One of the biggest challenges security practitioners and leaders face in their mission to embed application security (AppSec) into the software development life cycle is a lack of engagement from developers. Leaders in DevSecOps […]

Box Mistakes Leave Enterprise Data Exposed

Posted on March 14th, 2019 by Responsible Cyber

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms. Sharing public links via custom URLs to private files in Box enterprise storage can lead to more than productive collaboration: it can expose sensitive data to anyone with a search engine and a well-formed query. […]

Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Posted on March 14th, 2019 by Responsible Cyber

Popular enterprise software company Citrix, which provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies, disclosed last weekend a massive data breach of its internal network by “international cyber criminals.” Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing […]

POS Vendor Announces January Data Breach

Posted on February 21st, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2018-15380, PUBLISHED: 2019-02-20. A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster serv… CVE-2019-3474, PUBLISHED: 2019-02-20. A […]

HP gives software robots their own IDs to audit their activities

Posted on February 14th, 2019 by Responsible Cyber

Robots are replacing employees in the enterprise, especially those who perform repetitive tasks. So-called robotic process automation (RPA) involves software programs that perform predetermined tasks on a daily, weekly or monthly basis. A good example would be checking invoices in an accounts receivable department or performing end-of-month accounting. There’s a problem here, though. How do […]

Apple App Store stuffed with hardcore porn and gambling apps

Posted on February 14th, 2019 by Responsible Cyber

By Lisa Vaas. Apple’s easily abused Enterprise Certificate program isn’t just letting snoopy Facebook and Google apps slide into its App Store, it turns out: it’s also being exploited by, at the very least, a dozen hardcore porn apps and a dozen gambling apps. Last week, Facebook’s Research app – that paid people, including teens, […]

How ADP identifies and reduces third-party risk

Posted on February 6th, 2019 by Responsible Cyber

Today’s modern enterprise is far from a self-contained monolith, but rather the center of a vast web of interconnected suppliers, vendors and customers, all of which introduce risk for a CISO to deal with. Managing that risk is by no means a solved problem, but CSO50 winner ADP’s new Global Third-Party Risk Management framework has […]

Japan Authorizes IoT Hacking

Posted on January 30th, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-7168, PUBLISHED: 2019-01-29. A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. CVE-2019-7169, PUBLISHED: 2019-01-29. A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title […]

Ukraine Sees Surge in Election-Targeted Cyberattacks

Posted on January 30th, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-7168, PUBLISHED: 2019-01-29. A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. CVE-2019-7169, PUBLISHED: 2019-01-29. A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title […]

Data Supports DevSecOps Practices

Posted on January 30th, 2019 by Responsible Cyber

In this episode, we will look at the emergence of DevSecOps in the enterprise. Tim Jarrett, Senior Director of Product Marketing with Veracode, joins us to explain the goal of building security into the software development process at the outset. Listeners will learn more about: What research says about the effectiveness of DevSecOps; The core […]
