"While far from revolutionary, the NYDFS regulations present an interesting opportunity for New York’s financial services industry to become a golden beacon of best practice for introducing and maintaining a secure culture in their organisation. These new standards are the first of many that, in time, we hope, will put to bed the routine box-ticking cybersecurity exercises that ultimately leave organisations uncompliant and at a greater cyber risk," writes Colin Domoney (@colindomoney), Consultant Solution Architect, Veracode.
A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide. Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.
The global cyberattack that crippled computers around the world combined elite hacking tools with a particularly devastating form of malicious software known as ransomware. But there was another factor that helped turn the outbreak into one of the nastiest computer infections ever: human fallibility.
A global cyber attack on Friday renewed concerns about whether the U.S. National Security Agency and other countries' intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.
After months of rumors and leaked drafts, and amid another week of White House controversy that included the firing of FBI Director James Comey, President Donald Trump signed an executive order on cybersecurity.
A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset. More from Veracode's Director of Developer Engagement Peter Chestna (@PeteChestna).
DevOps has ushered in a new trend. Teams are moving from batched releases of functionality to single-piece flow. In other words, we no longer think about collecting the work of multiple engineers over multiple sprints into a release. Our ability to bring value to the customer as soon as possible and out-innovate the competition will be driven by releasing the work of a single engineer as soon as it is ready. This is typically accomplished through a continuous integration/continuous delivery (CI/CD) pipeline that runs directly from the source repository through automated testing and finally to deployment into production, preferably without any human intervention. What does this mean for developers? Plenty. In this piece, Pete Chestna (@PeteChestna) takes a look at the major capabilities needed by software engineers who want to thrive as full-spectrum engineers (FSEs).
What has not been updated in the new OWASP Top 10 list is almost more significant than what has. More from Chris Eng (@chriseng), vice president of research, Veracode.
While some Java features can lie dormant for years before being popularized, Java 8's functional additions have sparked widespread adoption. To gather insights on the state of the Java ecosystem today, we spoke to nine executives who are familiar with the ecosystem. We asked these experienced Java professionals "What have been the most significant changes to the Java ecosystem in the past year?"
A new release of NSA cyberweapons falls flat, as the Windows exploits from the Shadow Brokers have mostly been patched, but unsupported systems are still at risk. Chris Wysopal, CTO and co-founder of Veracode, said the timing of the release "was well designed." "Some of the exploits are for Windows Vista which was just end-of-lifed on Tuesday [last] week. This means they may never get patches for the vulnerabilities," Wysopal told SearchSecurity.
Following the news that a new zero-day vulnerability affecting all supported versions of Microsoft Word has been uncovered and is already being used to launch attacks, Paul Farrington, Manager, EMEA Solution Architects at Veracode, comments: "the Microsoft engineers will not only need to devise a patch for this vulnerability, but also to remodel their threat assessment of this type of file interaction. They will need to make the opening of untrusted Word documents a viable option once again, else a major benefit of this word processing software would be seriously weakened."
FireEye Labs has warned of a zero-day vulnerability affecting Microsoft Word. The warning came in a blog post by Threat Researcher Genwei Jiang. In the post, Jiang says FireEye alerted Microsoft to the vulnerability a few weeks ago and that Microsoft was already working towards a fix. At first glance this seems like just another attack that can be quickly patched and resolved. However, Paul Farrington, Manager, EMEA Solution Architects, Veracode, a company recently acquired by CA, says it is much more serious than that.
As health records have gone digital in the past seven years, they've become far more vulnerable to poaching—and far more valuable to thieves, who can sell a complete medical record for more than $1,000 on the darknet. That's because the records contain not just your insurance info which can be used for fraudulent billing and prescriptions, but also Social Security, driver's license and credit card numbers. As a result, the health care industry is scrambling to play catch-up to secure patient and hospital data.
If there's one thing that the DevOps community fetishizes, it's speed. Release velocity is the glitziest measuring stick by which conference circuit speakers, case study writers, and DevOps evangelists can compare successes. In spite of all the chatter, though, the truth is that speed of delivery is only a secondary driver for many organizations. Conducted among more than 500 development and IT professionals, the survey, sponsored by HPE, examined both the motivations behind DevOps adoption and the factors that influence them.
Custom Cleansers, Accelerated Results, Greenlight Auto-Scan and Perl language enable Secure DevOps by expanding ability to make automated security testing part of the development process.
Of the hundreds of security conferences, large and small, the vast majority are interchangeable in terms of content, speaker profiles, and outside events. However, some up-and-coming conferences are working to reduce what's become an "army of noise," providing better opportunities for attendees and novice presenters.
WikiLeaks promised it would share details of the CIA hacks found in the Vault 7 documents with affected vendors, but the outlet also has mysterious demands it wants met before disclosing vulnerability information. When WikiLeaks first claimed it would work with the software vendors to patch the vulnerabilities found in the CIA hacks, experts were wary of whether WikiLeaks could follow through on its promises.
Multi-factor authentication provides a more secure option than passwords and ID alone. We take a comprehensive look at MFA security, two-factor authentication, mobile authentication, biometrics and vendors, and issues to consider before adopting an MFA solution.
WikiLeaks founder Julian Assange said he would contact technology companies and privately supply technical details of the CIA’s collection of bugs in some of the world’s most commonly used smartphone software. Assange made the announcement in a live-streamed press conference on Thursday, two days after WikiLeaks published the cache of classified documents containing the bugs.
Researchers have uncovered hackers actively exploiting a code-execution bug residing in the Apache Struts 2 web application framework, potentially affecting tens of thousands of applications throughout the internet. Veracode CTO and co-founder Chris Wysopal, who dubbed the flaw Struts-Shock, noted that this type of coding problem can have vast consequences. The extensive use of shared components can cause a vulnerability to become widespread: what once would have been isolated to a single application can now impact tens of thousands of applications.
CA Technologies announced Monday that it would purchase Veracode, a Massachusetts-based application security firm, for $614 million in cash. The company had raised about $110 million before privately filing for an IPO two years ago, as Fortune then reported. The acquisition shows just how much DevOps (short for software development and IT operations) has become all the rage in techland.
"CA Technologies, a company focused on digital transformation of businesses, yesterday announced that it will acquire Veracode, a Burlington, Mass.-based provider of application security solutions, for $614 million in cash." - Dan Primack