News

Our latest business and technology news

View: All | Press Releases | In the News | Events

In the News Mar 05 2018 Slate

Why is America letting Russia get away with meddling in our democracy?

Chris Wysopal, CTO of CA Veracode, a leading cybersecurity company, offers a more moderate option—slowing the computers down. “We could make the computers suffer hard-drive failures, keeping the operators so busy they couldn’t do much else,” Wysopal told me. “This is easy to do, and it would send a message: We can get to you, just like you can get to us, and we can step this up several notches”—for instance, fry the computers, as Clarke suggests—“if you don’t stop.”

In the News Mar 05 2018 Computing

Security researchers identify new vulnerability affecting Pivotal Spring projects

Researchers imaginatively dub the new vulnerability "Spring Break"

In the News Mar 05 2018 Computer Weekly

Spring Break flaw shows cross-industry collaboration

A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.

In the News Mar 01 2018 SD Times

Developer training is the key to implementing security into DevOps, CA Veracode says

A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment.

In the News Mar 01 2018 Silicon (Germany)

Meltdown and Specter show the weakness of the networked world

Meltdown and Specter rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.

In the News Mar 01 2018 Computerworld Denmark

The code should be safe from the beginning ... but three out of four applications have a security shortage

If you make security early in development, you can reduce safety risks and long-term development costs quite significantly. The EU Commission is on its way with a number of initiatives that take security from the start.

In the News Feb 28 2018 eWeek

Top Five Ways Security Vulnerabilities Hide in Your IT Systems

Corporate IT systems with known vulnerabilities are often missed or overlooked. In the case of Equifax, a known vulnerability led to hundreds of millions of dollars in losses. Here are the top-5 ways that vulnerabilities hide inside your company.

In the News Feb 27 2018 RSA Conference

Shift Left or Die: Baking Security into the Software Development Lifecycle is More Critical Than Ever

Somewhere along the road to DevOps nirvana that so many organizations have been attempting to follow, security got left behind. You see, a big driver of the need for DevOps is the speed with which organizations crank out software. It turns out it's really easy for software development to run off the rails, turning what should be innovation into unnecessary fiascos that can cost millions to fix, or worse yet, cause irreparable damage to a company's reputation.

In the News Feb 26 2018 Information Age

Business leaders are not keeping up with the data breach headlines – does it matter?

New software also brings with it new threats to the overall security of an organisation, so understanding the potential risks and vulnerabilities software introduces is essential if businesses want to keep hackers at bay

In the News Feb 22 2018 Search Security

SEC cybersecurity disclosure rules get a guidance update

The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.

In the News Feb 20 2018 Midrange Magazin (GER)

No power to data thieves

Attacks by cybercriminals can be costly for businesses if they want to avoid losing their data. The most recent example is Uber, the globally operating U. S. driver service agent, who has been the victim of a Ransomware attack: Data from 57 million customers and drivers were hacked, including names, addresses and driver's license numbers. Over paid $100,000 to the hackers and concealed the incident, but is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyber attacks. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, gives five tips on how companies can easily and effectively protect themselves against Ransomware attacks.

In the News Feb 18 2018 Spiegel Online (GER)

The dream of a fully automatic hacking machine

A machine that automatically finds new vulnerabilities in any software - this is what a team led by Fabian Yamaguchi from Berlin is working on. Can anyone become a hacker?

In the News Feb 15 2018 CSO

How to approach business leaders about cybersecurity when they don’t follow the breach headlines

Hint: hit them where it hurts the most – their own personal reputation and livelihood.

In the News Feb 13 2018 Trend Report (GER)

Recognize the signs of the time and act

This is a guest article by Julian Totzek-Hallhuber, Solution Architect, CA Veracode. The Aztec Empire, the Roman Empire or the British Empire - if one had asked contemporary witnesses, these cultures seemed untouchable and would last forever. External influences and socio-cultural developments have only made them examples of transience in the course of history. Today, the world looks completely different, but some developments in the shadow of technological progress have the potential to revolutionize our society from the ground up. The advantage is that we are able to recognize early warnings and take countermeasures. When Europeans entered the new world, it was the beginning of the end of the indigenous tribes and advanced cultures of a whole continent. Such a scenario, which in the long run can wipe out entire civilizations, is of course unthinkable nowadays, since today's cultures are consolidated and embedded in the global community. Accordingly, such upheavals today have far more far-reaching consequences, affecting much larger regions and sometimes the whole world. Three scenarios in particular are now able to change the course of the world from the ground up.

In the News Feb 07 2018 Information Security Buzz

NHS Trusts Have Failed Cybersecurity Tests

With recent news that the NHS’s lost of thousands of patient records and documentation and are now failing cyber security tests.

In the News Jan 24 2018 DZone

Security Starts at the Top

The culture connection gets real as experts agree that secure software development requires a new mindset across the board.

In the News Jan 24 2018 DevOps.com

How Developers Can Take a More Proactive Approach to Security

Developers tend to get thrown under the bus when it comes to application security, but recent data shows that developers do, in fact, care about security. Take mitigation for example. Developers don’t try to rig the system by rejecting findings as false positives or as mitigated by design. Developers documented mitigations for just 14.4 percent of all flaws found by CA Veracode’s platform in the past year.

In the News Jan 24 2018 TechBeacon

5 trends app sec teams should watch in 2018

Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.

In the News Jan 23 2018 DevOps.com

CA Technologies Survey Uncovers DevSecOps Challenges

Chris Wysopal, CTO for the CA Veracode portfolio of security testing tools CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, says Wysopal.

In the News Jan 22 2018 Information Security Buzz

2.9 Million Norwegians Healthcare Data Allegedly Breached

It’s being reported that a hacker or hacker group might have stolen healthcare data for more than half of Norway’s population, according to reports in local press. The attack took place on January 8 and came to light this week when Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region, announced a security breach on its website.

In the News Jan 22 2018 Information Security Buzz

Schneider Electric Says Software Bug Exploited In Watershed Hack

It has been reported by that Schneider Electric SE has disclosed that hackers exploited a flaw in its software in a watershed hack discovered last month that halted plant operations at an industrial facility.

In the News Jan 22 2018 Tech Native

Women in Cybersecurity: Why Closing the Gender Gap is Critical

When discussing the lack of women in technology fields, the conversation generally starts around basic questions: What is it about tech fields that discourages women from participating, and what can people in the field do to attain a better balance?

In the News Jan 19 2018 SC media

Trisis nation-state authored malware leaked onto internet

Schneider Electric accidentally puts malware online that could shut down power plants. Nation state authored malware has been mistakenly put online that could enable hackers to compromise safety systems at power plants.

In the News Jan 09 2018 Huffington Post UK

Why The Government Wants You To Update Your Software

It’s amazing when you watch a lightbulb moment happen – especially when you’ve spent a great deal of your professional live devoted to it. Read more from CA Veracode's Chris Wysopal (@WeldPond).

In the News Jan 08 2018 SC Media

Security issue found in AMD's Platform Security Processor

Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.

 

 

contact menu