A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.

Web design trends come and go at a dizzying pace these days. While it might be easy to completely redo a simple website or a web application, visual design is not often a top priority for large-scale enterprise applications. But even with larger applications, there comes a time when the system’s look and feel becomes dated and the user experience is just not at the level it might be. And it directly impacts customers. It’s probably time for a refresh!

Industry research firm Gartner asked cybersecurity thought leaders to submit a video of themselves answering the question “What are your customers’ top security priorities?” for the Gartner Security & Risk Management Summit, a virtual event for the EMEA region held this month. Julian Waits, general manager of cybersecurity for Devo, was among those to whom Gartner posed the question. His video is below, and this blog post offers an expanded version of his response.

Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale.

TLS is the most important protocol for secure communication with web sites and cloud services. Any vendor with ambitions in the SASE (Secure Access Service Edge) market has to be able to proxy TLS at scale. That requires considerable sophistication in terms of designing the computing and networking infrastructure for a SASE “security cloud,” but it also requires attention to the details of TLS itself.

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event.

If you had asked 10 year old Tyler what he wanted to be when he grew up, the answer would have been a very enthusiastic, “Teacher!” Over time, however, that desire lessened as my fascination with technology grew. I ultimately ended up attending Fanshawe College to study Computer Systems Technology. I never fully abandoned that desire to teach, though. For a period of time in high school and college, I wrote tutorials for a major online security forum.

Containers have become very popular with DevOps as a way to increase speed and agility. However, with recent reports of hackers utilizing vulnerabilities in Docker container images to compromise hosts and launch malicious containers – how can we identify this at the time of development to prevent security costing us later?

At Logsign, we believe that every one of our clients faces a unique set of threats. There can be overlapping; however, it would be highly rare that two organizations face the same set of threats. Accordingly, when you are using a SIEM solution like Logsign SIEM, there will be use cases that are more important to your business than others. If you have used a SIEM tool previously, you know that a SIEM is a powerful tool to identify the smallest of threats in your entire technical infrastructure.

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?