Top 5 Need to Know Coding Defects for DevSecOps

Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster. Security practitioners are accustomed to intervening at the end of the software development process to identify security vulnerabilities, many of which could have been prevented with earlier intervention. To address this problem, developers who are already under pressure to … Continue reading Top 5 Need to Know Coding Defects for DevSecOps

WhatsApp will share your data with Facebook and its companies

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February 8, 2021, they will be requested to share their data with Facebook companies. Curiously … Continue reading WhatsApp will share your data with Facebook and its companies

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations. CISA encourages administrators and users to review … Continue reading NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just … Continue reading U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Police bring down “bulletproof” VPN services beloved by cybercriminals

Operation Nova brings down VPN services “intentionally designed for criminal activity” Customers warned that international law enforcement continues to investigate who might have used seized services for past attacks The FBI, working with law enforcement agencies across Europe, have seized three web domains and the server infrastructure used by a VPN service to allegedly help … Continue reading Police bring down “bulletproof” VPN services beloved by cybercriminals