The latest security technology and best practices to secure software applications, vulnerabilities and code.

  • Spectre and Meltdown Vulnerabilities & Protection

    While there is no shortage of data breaches and new exploits in any given year, it’s relatively rare for an entirely new class of vulnerabilities to be publicly disclosed, but that’s what has happened this year with Spectre and Meltdown. The Spectre and Meltdown flaws were publicly disclosed on Jan. 3, ushering in… Read more

  • Privileged Access Management Best Practices

    Access to applications, servers and network resources is the cornerstone of enterprise IT, which is all about enabling connectivity. Not every account should have full access to everything in an enterprise, however, which is where super user or privileged accounts come into play. With a privileged account, a user has administrative access to enterprise resources,… Read more

  • With So Many Eyeballs, Is Open Source Security Better?

    Back in 1999, Eric Raymond coined the term “Linus’ Law,” which stipulates that given enough eyeballs, all bugs are shallow. Linus’ Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security. In recent years,… Read more

  • What is a Bug Bounty? How to Set Up a Bug Bounty Program

    Bugs exist in software. That’s a fact, not a controversial statement. The challenge (and controversy) lies in how different organizations find the bugs in their software. One way for organizations to find bugs is with a bug bounty program. Bug bounties are not a panacea or cure-all for finding and eliminating software flaws, but they… Read more

  • Open Source Patch Management: Options for DIYers

    CVE-2017-5638 is the code vulnerability that will long live in the corporate memory of Equifax, the credit ratings agency. A simple patch management system might have kept that vulnerability from turning into one of the most high-profile data breaches in recent memory. CVE-2017-5638 is a remote code execution bug that affects the Jakarta Multipart parser… Read more

  • WordPress 4.8.3 Fixes Critical SQL Injection Vulnerability

    Boo! On Oct. 31, the open-source WordPress content management system (CMS) and blogging platform released its 4.8.3 update, patching a frightening SQL Injection security vulnerability that was left open for weeks. “WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi),” WordPress… Read more

  • Securing MySQL DBMS

    By Maxim Sovetkin, Itransition. MySQL, owned by Oracle since 2009, is the number one open source database for successful startups and Web-based applications, loved by such iconic social networks as Facebook, Twitter, YouTube and many others. The database comes in two different editions: the open source MySQL Community Server and the proprietary Enterprise Server. Today,… Read more

  • How to Encrypt a Flash Drive Using VeraCrypt

    Encryption is a smart idea for protecting data on a USB flash drive, as we covered in our piece that described how to encrypt a flash drive using Microsoft BitLocker. But what if you do not want to use BitLocker? You may be concerned that because Microsoft’s source code is not available for inspection,… Read more

  • Are There Open Source Vulnerability Assessment Options?

    Failure to fix known software vulnerabilities is a big reason why organizations’ networks get breached. In some cases organizations run software with known vulnerabilities for years. Forty-four percent of known breaches in 2014 were caused by unfixed vulnerabilities that were between two and four years old, according to HP’s Cyber Risk Report 2015. This is… Read more

  • Open Source Software’s Role in Breach Prevention and Detection

    Security professionals are increasingly acknowledging an uncomfortable truth: No network is secure from a sufficiently skilled and determined attacker. So while every effort should be made to prevent intruders getting on to the corporate network, it’s important that you can quickly spot an intrusion and minimize the damage that can result. Anton Chuvakin, a security… Read more
