#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Compliance Framework | Breaking Cybersecurity News | The Hacker News

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

May 24, 2024 DevSecOps / Vulnerability Management
Introduction The infamous  Colonial   pipeline ransomware attack (2021) and  SolarWinds  supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers ( CISOs ): holding their ground while maintaining control over cloud security in the accelerating world of DevOps. The problem was emphasized by the  Capital One   data breach (2019),  Epsilon   data breach (2019),  Magecart   compromises (ongoing), and  MongoDB  breaches (2023-), where hackers exploited a misconfigured AWS S3 bucket. Strong collaboration between CISOs and DevOps teams on proper cloud security configurations could have prevented the breaches. More than the fight against hackers and the consequences of their attacks, several important problems stand out —the evolution of CISO's role and responsibilities and the challenge of improving cloud security, and how security operations teams collaborate with bus
(Cyber) Risk = Probability of Occurrence x Damage

(Cyber) Risk = Probability of Occurrence x Damage

May 15, 2024 Threat Detection / Cybersecurity
Here's How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity while presenting a revised scoring system for a more comprehensive evaluation. It further emphasizes the importance of considering environmental and threat metrics alongside the base score to assess vulnerabilities accurately. Why Does It Matter? The primary purpose of the CVSS is to evaluate the risk associated with a vulnerability. Some vulnerabilities, particularly those found in network products, present a clear and significant risk as unauthenticated attackers can easily exploit them to gain remote control over affected systems. These vulnerabilities have frequently been exploited over the years, often ser
Cybersecurity
Expert Insights
Cybersecurity Resources