The cost upsides of writing code that's as free from bugs as possible has long been known, says Veracode's Chris Wysopal, but bugs continue to plague production code. Thanks to the rise of agile programming, however, there are new opportunities to eradicate flaws during development.
Dan Holden, a cybersecurity researcher and technologist, has just taken on the new role of CTO and intelligence director at the Retail Cyber Intelligence Sharing Center. What top challenges is he addressing?
Art Coviello, retired chair of RSA, discusses the state of cybersecurity in 2017, including the threats - and threat actors - of greatest concern and the emerging security technologies that encourage him the most.
Gartner's Avivah Litan is just back from a trip to Israel, and she's particularly enthusiastic about the new topic of "offensive defense." What is the concept, and what security controls does it require?
A discussion on how the understanding of epidemiology, immunology and genetic research processes can help developers create methods to secure information systems leads the latest episode of the ISMG Security Report. Also featured: insights on strengthening ATM defenses.
A large malware campaign first discovered in Poland may have affected financial institutions in 31 countries. Technical clues point toward the Lazarus group, believed to be linked to North Korea, which used the Sundown exploit kit, researchers say. But attributing cyberattacks is tricky.
At this year's RSA Conference, we have about 35 videos on the docket. And truly we're talking about the A-Z of information security thought leaders, from CrowdStrike co-founder Dmitri Alperovitch to ZixCorp CEO David Wagner, with a stop in the middle to discuss homeland security with U.S. Rep. Michael McCaul.
Russian police have arrested more suspected members of a cybercrime gang that used "Lurk" malware to steal nearly $30 million from Russian banks. Separately, a lead cybersecurity investigator's arrest on treason charges appears to be chilling cross-border cooperation.
Dozens of banks, governments and telecommunications companies have been struck by fileless malware, which resides in memory and leaves few traces for investigators, according to Kaspersky Lab. The use of open-source tools and utilities makes the attacks difficult to detect.
Exploit kits are out and phishing emails are in for attackers who are attempting to infect victims with ransomware, according to new research. Unfortunately, the volume of phishing - and thus ransomware - attacks continues to grow.
A digital forensic analysis of a new type of Mac malware reveals that it has a strong connection to Iran, researchers say. The malware, which turned up on the computer of a human rights advocate, tries to steal authentication details from macOS's Keychain.
In this edition of the ISMG Security Report: an analysis of a major fine against a Texas hospital and its implications for how the Trump administration might enforce HIPAA rules. Also, an IRS-related phishing scheme targets businesses.
InterContinental Hotels Group is warning customers that malware infected point-of-sale devices at a dozen of its hotel restaurants and bars in North America and the Caribbean for up to four months in 2016. But it's unclear if the breach ties to reported exploits involving POS service providers.