

John P. Mello Jr.
Contributor
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. Disclosure: He also writes for Hewlett-Packard's marketing website TechBeacon.


SQL injection, XSS vulnerabilities continue to plague organizations
Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.

11 top cloud security threats
More data and applications are moving to the cloud, which creates unique infosecurity challenges. Here are the "Pandemic 11," the top security threats organizations face when using cloud services.

SolarWinds creates new software build system in wake of Sunburst attack
Lessons learned from software supply chain breach lead to innovative and secure development scheme.

Mitek launches MiVIP platform to fight identity theft
The Mitek Verified Identity Platform can leverage multiple authentication technologies to provide security across the transaction lifecycle.

Open-source software risks persist, according to new reports
Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.

Cloud-native TACACS+ access solution launched by Portnox
New product aims to make network authentication, authorization, and accounting technology more attractive to mid-sized companies.

Threat actors becoming more creative exploiting the human factor
Remote work, supply chains, commercial clouds offer threat actors opportunities to trick people into doing their bidding.

ConcealBrowse isolates malicious software before it can work its mischief
Agent-based solution screens code to prevent browser-borne attacks on the enterprise.

How the Colonial Pipeline attack has changed cybersecurity
On the one-year anniversary of the Colonial Pipeline attack, industry insiders reflect on the event's effect on cybersecurity practice and perception.

Qualys upgrades vulnerability management solution
VMDR 2.0 offers better insight into risk posture, faster fix times for critical vulnerabilities.

Dragos launches info portal to fill security gaps in critical infrastructure
OT-CERT provides free resources to under-served ICS/OT community members and beefs up threat and vulnerability coordination.

SecureAuth unveils new end-to-end access and authentication solution
Orchestration, passwordless tech, continuous authentication combined in next-generation Arculix platform.

New Linux-based ransomware targets VMware servers
Cheerscript plants double-extortion malware on ESXi servers.

Enterprises report rise in risk events, yet risk management lags
More threats to data, privacy are the top concerns of risk managers and are becoming “the new normal.”

CISOs worried about material attacks, boardroom backing
CISOs are also less concerned about ransomware attacks, but many say their organizations are still not properly prepared for them.

Threat hunters expose novel IceApple attack framework
Suspected state-sponsored threat actor uses IceApple to target technology, academic and government sectors with deceptive software.

Microsoft expands managed security services offerings with new program
Security Experts allows customers to tap into Microsoft pros for threat hunting, XDR, and modernization.

Wrongly configured Google Cloud API potentially creates dangerous functionality
Misconfiguration of the Google Cloud Platform API could create an exploitable behavior that leads to service compromise.

New attack surface management product takes full-stack aim at software supply chain threats
Data Theorem's Supply Chain Secure offers continuous runtime analysis and dynamic inventory discovery.