Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.
The latest edition of the ISMG Security Report discusses the appearance at a Senate hearing this week by the former head of security for Twitter; the top-performing web application and API protection vendors, according to Gartner's Magic Quadrant 2022; and threat trends to watch for in 2023.
The U.S. Department of Justice obtained its first ever guilty plea in a cryptocurrency insider trading case after Nikhil Wahi, 26, admitted to a scheme to buy crypto assets ahead of their listing on Coinbase. Wahi is one of a trio facing charges that includes his brother, a former Coinbase employee.
Twitter security exec-turned-whistleblower Peiter Zatko today listed alleged security and privacy shortcomings of the social media company for a Senate panel. "It's not farfetched to say that an employee inside the company could take over the accounts of all of the senators in this room," he said.
Today's big challenge for practitioners is identifying the "known and unknown" attack surface faster than the hackers. There is a need to build purpose-built sensors and asset management strategies to discover unknown attacks, says Debashish Jyotiprakash, vice president - Asia at Qualys.
Post-pandemic, in the new era of hybrid work, Mastercard CSO Ron Green says the unintentional insider threat is one of his top concerns for member institutions and their customers. He shares insight on threats, partnerships and how the public and private sectors can address workforce development.
Would you trust an accused hacker? Specifically, one Nickolas Sharp, a software developer charged with extorting former employer Ubiquiti, after allegedly engineering a data breach and posing as an anonymous whistleblower in media interviews.
Fintech company Block faces a putative class action demanding damages for customers affected by a 2021 data breach that affected 8.2 million individuals. The company, formerly known as Square and co-founded by former-Twitter CEO Jack Dorsey, disclosed the breach in April.
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
A U.S. federal jury convicted former Twitter employee Ahmad Abouammo for spying on Saudi Arabian dissidents on behalf of Saudi Arabia. The jury also found him guilty of conspiracy to commit wire fraud, falsification of records and money laundering.
Cybersecurity compliance is not the same as security. Recognizing this fact can lead many organizations to prioritize one over the other, thereby increasing critical risks. But by taking a planned approach to integrating the two, you can achieve a holistic solution that delivers both.
Ransomware attacks and data breaches: One thing both have in common is the challenge of attempting to accurately understand their true scale and impact. Too often, data breach notifications lack useful details, while ransomware attacks and ransom payments go unreported.
Joshua Schulte now faces a minimum of 80 years in prison after a Manhattan federal jury returned guilty verdicts in all nine counts brought against the former CIA programmer by U.S. prosecutors. Schulte leaked a trove of classified hacking secrets used in espionage.