News

Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News May 22 2017 bobsguide

The New York DFS cybersecurity regulations: Non-compliance is not an option

"While far from revolutionary, the NYDFS regulations present an interesting opportunity for the New York’s financial services industry to become a golden beacon of beat practice for introducing and maintaining a secure culture in their organisation. These new standards are the first of many that, in time, we hope, will put to bed the routine box-ticking cybersecurity exercises that ultimately leave organisations uncompliant and at a greater cyber risk," writes Colin Domoney (@colindomoney), Consultant Solution Architect, Veracode.

In the News May 15 2017 New York Times

How to Protect Yourself From Ransomware Attacks

A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide. Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.

In the News May 14 2017 Wall Street Journal

Ransomware Hack Exploited Human Error

The global cyberattack that crippled computers around the world combined elite hacking tools with a particularly devastating form of malicious software known as ransomware. But there was another factor that helped turn the outbreak into one of the nastiest computer infections ever: human fallibility.

In the News May 13 2017 Reuters

Global cyber attack fuels concern about U.S. vulnerability disclosures

A global cyber attack on Friday renewed concerns about whether the U.S. National Security Agency and other countries' intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.

In the News May 12 2017 The Parallax

Trump’s cybersecurity order not likely to have a major impact, experts say

After months of rumors and leaked drafts, and amid another week of White House controversy that included the firing of FBI Director James Comey, President Donald Trump signed an executive order on cybersecurity.

In the News May 12 2017 The Daily Mail

Ninety-nine countries are hit by 75,000 attacks using NSA superweapon dubbed the 'atom bomb of malware' stolen by mysterious hacking collective called 'The Shadow Brokers'

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

In the News May 11 2017 Dark Reading

What Developers Don't Know About Security Can Hurt You

Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset. More from Veracode's Director of Developer Engagement Peter Chestna (@PeteChestna).

In the News May 09 2017 DevOps.com

Get Ready to Become a Full-Spectrum Engineer

DevOps has ushered in a new trend. Teams are moving from batched releases of functionality to single-piece flow. In other words, we no longer think about collecting the work of multiple engineers over multiple sprints into a release. Our ability to bring value to the customer as soon as possible and out-innovate the competition will be driven by releasing the work of a single engineer as soon as it is ready. This typically is accomplished through a continuous integration/continuous delivery (CI/CD) pipeline directly from the source repository through automated testing and finally deployment into production, preferably without any human intervention. What does this mean for developers? Plenty. In this piece, Pete Chestna (@PeteChestna) takes a look at the major capabilities needed by software engineers who want to thrive as full-spectrum engineers (FSEs.) 

In the News Apr 27 2017 Dark Reading

OWASP Top 10 Update: Is It Helping to Create More Secure Applications?

What has not been updated in the new OWASP Top 10 list is almost more significant than what has. More from Chris Eng (@chriseng), vice president of research, Veracode.

In the News Apr 24 2017 DZone

The Biggest Change to Java

While some Java features can lie dormant for years before being popularized, Java 8's functional additions have sparked widespread adoption. To gather insights on the state of the Java ecosystem today, we spoke to nine executives who are familiar with the ecosystem. We asked these experienced Java professionals "What have been the most significant changes to the Java ecosystem in the past year?" 

In the News Apr 18 2017 TechTarget

Shadow Brokers' Windows exploits target unsupported systems

A new release of NSA cyberweapons falls flat as Windows exploits from the Shadow Brokers have mostly been patched, but unsupported systems still at risk. Chris Wysopal, CTO and co-founder of Veracode, said the timing of the release "was well designed." "Some of the exploits are for Windows Vista which was just end-of-lifed on Tuesday [last] week. This means they may never get patches for the vulnerabilities," Wysopal told SearchSecurity. 

 

In the News Apr 12 2017 Information Security Buzz

Microsoft Word Zero-Day Vulnerability

Following the news that a new zero-day vulnerability that affects all supported versions of Microsoft Word has been uncovered and is already being used to launched attacks. Paul Farrington,  Manager, EMEA Solution Architects at Veracode comments "the Microsoft engineers will not only need to devise a patch for this vulnerability, but also to remodel their threat assessment of this type of file interaction. They will need to make the opening of untrusted Word documents a viable option once again, else a major benefit of this word processing software would be seriously weakened."

In the News Apr 11 2017 Enterprise Times

Microsoft Word hit by zero-day vulnerability

FireEye Labs has warned of a zero-day vulnerability affecting Microsoft Word. The warning came in a blog by Threat Researcher, Genwei Jiang. In the blog, Jiang says FireEye alerted Microsoft to the vulnerability a few weeks ago and that Microsoft was already working towards a fix. At first glance this seems like just another attack that can be quickly patched and resolved. However, Paul Farrington,  Manager, EMEA Solution Architects, Veracode, a company recently acquired by CA says it is much more serious than that.

In the News Apr 11 2017 Forbes

Why The Application Travelator Needs More Handrails

In the News Apr 08 2017 Crain's Chicago Business

A Frightening new frontier for hackers: Your medical records

As health records have gone digital in the past seven years, they've become far more vulnerable to poaching—and far more valuable to thieves, who can sell a complete medical record for more than $1,000 on the darknet. That's because the records contain not just your insurance info which can be used for fraudulent billing and prescriptions, but also Social Security, driver's license and credit card numbers. As a result, the health care industry is scrambling to play catch-up to secure patient and hospital data.

In the News Apr 05 2017 TechBeacon

DevOps delivers savings and speed, so focus on strategy

If there's one thing that the DevOps community fetishizes, it's speed. Release velocity is the glitziest measuring stick by which conference circuit speakers, case study writers, and DevOps evangelists can compare successes. In spite of all the chatter, though, the truth is that speed of delivery is only a secondary driver for many organizations. Conducted among more than 500 development and IT professionals, the survey, sponsored by HPE, examined both motivations and influencers of DevOps motivations.

Press Release Apr 04 2017

Veracode Helps Developers Reduce Risk and Decrease Time to Production with New Static Analysis Features

Custom Cleansers, Accelerated Results, Greenlight Auto-Scan and Perl language enable Secure DevOps by expanding ability to make automated security testing part of the development process.

In the News Apr 04 2017 ZDNet

Have security conferences become an 'army of noise'?

Of the hundreds of security conferences, large and small, the vast majority are interchangeable in terms of content, speaker profiles, and outside events. However, some up-and-coming conferences are working to reduce what's become an "army of noise," providing better opportunities for attendees and novice presenters.

In the News Mar 21 2017 TechTarget

WikiLeaks' disclosure of CIA hacks comes with requirements

WikiLeaks promised it would share details of the CIA hacks found in the Vault 7 documents with affected vendors, but the outlet also has mysterious demands it wants met before disclosing vulnerability information. When WikiLeaks first claimed it would work with the software vendors to patch the vulnerabilities found in the CIA hacks, experts were wary of whether WikiLeaks could follow through on its promises. 

 

In the News Mar 14 2017 eSecurity Planet

Multi-Factor Authentication: A Critical Security Tool for Enterprises

Multi-factor authentication provides a more secure option than passwords and ID alone. We take a comprehensive look at MFA security, two-factor authentication, mobile authentication, biometrics and vendors, and issues to consider before adopting an MFA solution.

In the News Mar 09 2017 The Guardian

WikiLeaks says it will help Silicon Valley defend against CIA hacking

WikiLeaks founder Julian Assange said he would contact technology companies and privately supply technical details of the CIA’s collection of bugs in some of the world’s most commonly used smartphone software. Assange made the announcement in a live-streamed press conference on Thursday, two days after WikiLeaks published the cache of classified documents containing the bugs.

In the News Mar 09 2017 Infosecurity Magazine

Apache Struts 2 Puts 1000s of Web Apps at Risk

Researchers have uncovered hackers actively exploiting a code-execution bug residing in thge Apache Struts 2 web application framework - potentially affecting tens of thousands of applications throughout the internet. Veracode CTO and co-founder Chris Wysopal, who dubbed the flaw Struts-Shock, noted that this type of coding problem can have vast consequences. The extensive use of components can cause a vulnerability to become widespread. What once would have been isolated to a single application, now can impact tens of thousands of applications. 

In the News Mar 08 2017 Fortune

Term Sheet: Acquisition, Secured

CA Technologies announced Monday that it would purchase Veracode, a Massachusetts-based application security firm, for $614 million in cash. The company had raised about $110 million before privately filing for an IPO two years ago, as Fourtune then reported. The acquisition shows just how much DevOps (short for software development and IT operations) has become all the rage in techland.

In the News Mar 07 2017 Axios

CA is buying Veracode for $614 million

"CA Technologies, a company focused on digital transformation of businesses, yesterday announced that it will acquire Veracode, a Burlington, Mass.-based provider of application security solutions, for $614 million in cash." - Dan Primack

 

 

contact menu