Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break …
security auditing
Independent security audits are essential for cloud service providers. Here’s why
As more companies outsource IT infrastructure to third-party providers and adopt cloud-based collaboration tools, the need for partners that deliver strong protection and …
Internal auditors stepping up to become strategic advisors in the fight against fraud
A report from the Internal Audit Foundation, The Institute of Internal Auditors (IIA) and Kroll, is based on a recent global survey and focus groups with internal auditors, …
How can organizations ease audit overload?
A research from Vanson Bourne examines how financial services are faring with the ever-increasing challenge of audit overload. The study, which surveyed 200 U.S. IT security …
Audit effectiveness and talent retention at risk as hybrid auditing becomes the new norm
Audit functions that fail to adapt well to hybrid auditing risk a loss of effectiveness and influence at a time when real-time assurance has never been more vital to the wider …
How a conference room speakerphone might let attackers into your company network
Several egregious vulnerabilities affecting the Stem Audio Table conference room speakerphone could be exploited by attackers to eavesdrop on what’s being discussed in …
Kubestriker: A security auditing tool for Kubernetes clusters
Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services …
What businesses need to know to evaluate partner cyber resilience
Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling …
Cisco re-patches wormable Jabber RCE flaw
In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The …
CISOs struggling to prep for security audits
Calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely, according to Shujinko. …
Organizations still struggle to manage foundational security
Regulatory measures such as GDPR put focus on data privacy at design, tightening requirements and guiding IT security controls like Public Key Infrastructure (PKI). Continued …
Microsoft Application Inspector: Check open source components for unwanted features
Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted …