Security

Shadow code -- third-party scripts and libraries often added to web applications without security validation -- pose risks to websites and jeopardize compliance with privacy regulations, according to new research conducted by Osterman Research for PerimeterX. Third-party code leaves organizations vu...

Backed by many of the world's largest companies for more than a decade, the Software Package Data Exchange specification is now an internationally recognized ISO/IEC JTC 1 standard. This comes during a transformational time for software and supply chain security. The Linux Foundation announced Thur...

The "Linux Threat Report 2021 1H" from Trend Micro found that Linux operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive thre...

YouTube has taken a backseat to TikTok when it comes to average engagement with Android users, according to a report from a mobile market watcher. During the 11-month period between August 2020 and June 2021, TikTok's Android app has surpassed YouTube in the United States in the average monthly time...

Beginning in October, which is Cybersecurity Awareness Month, Amazon will make available to the public the training materials it's developed in-house to keep its employees and sensitive information safe from cyberattacks. It also offer "qualified" AWS customers a free multifactor authentication devi...

Imagine finding out that your neighbor's identity was stolen and their life savings cleaned out by criminals who entered through their 'smart' washing machine. Ridiculous, you say? Well, have you checked your home Wi-Fi network lately? You might have several connected household gadgets and other dev...

Disruptions to power grid systems can have devastating effects. Despite the fact that consistent electric power has been a basic human need for more than a century; more than ever, the grid faces a growing onslaught of threats. We spoke with experts in the field about the critical nature of the grid...

People are freaking out about reports of NSO Group's Pegasus surveillance tool being used to spy on journalists, political dissidents, and other opponents of regimes worldwide. It's disheartening, and worth discussing. But why are we shocked? In Pegasus' case, the game theory is clear: some company ...

Hackers aren't the only ones evading security measures of many organizations. So are their remote workers. In a new report on remote workforce security, 52 percent of the U.S. IT and cybersecurity professionals surveyed revealed they experienced remote workers finding workarounds to their organizati...

A number of popular commercial applications in categories ranging from browsers to messaging and meeting apps all contained open-source components with security vulnerabilities, according to new research performed by Osterman Research for GrammaTech. Online meetings and email clients, which contain...

The U.S. government is moving quickly and aggressively to address cybersecurity vulnerabilities affecting both the federal government and the private sector. Information technology companies that are directly and indirectly involved in providing IT products and services to the federal government wil...

Bitdefender security researchers have uncovered a Romanian-based threat group active since at least last year targeting Linux-based machines with weak Secure Shell Protocol (SSH) credentials. The researchers discovered the group was deploying Monero mining malware used to steal cryptocurrency

Anyone with a stake in keeping ahead of cybersecurity assaults and enterprise network intrusions through API vulnerabilities can now tap into expert advisories and security reports. API security company Salt Security last week launched Salt Labs, a now-public forum for publishing research on API vul...

Called Email Protection, the feature will be initially distributed through a waiting list that anyone can add their name to. Consumers chosen from the list will be able to create a free, personal @duck.com email address. Email sent to the @duck address will be denuded of trackers before being forwar...