With support for the programming language no longer available, organizations should port to Python 3, security researchers say. Nearly five months after the Python Software Foundation finally ended support for the Python 2 programming language, many developers are continuing to use it, heightening security risks for their organizations in the process. Support for Python 2
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps. According to the latest Cloud Security Alliance (CSA) report on the 11 biggest threats to cloud computing, misconfiguration and inadequate change control ranked second only to — you guessed it — data breaches. The Capital One incident, in which data on
How California’s new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk. On January 1, 2020, California’s new privacy law took effect, which will dramatically increase security risks for any company operating there as well as for third parties that might have access to your
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk. A recently announced pair of vulnerabilities in the firmware for baseboard management controllers (BMCs) used by at least eight different manufacturers’ servers is the latest incident to show a supply chain vulnerability that can have an impact on enterprise computing.
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories. The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow developers to write applications without having to
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks. IT professionals at small businesses face a number of competing priorities. They’re generally individuals or small teams charged to “do it all,” from great customer user experience to company security. And 98%
Videoconferencing software maker downplays risks and says mitigations are on the way. Zoom Video Communications today announced changes to its videoconferencing client for Mac systems after a security researcher disclosed vulnerabilities in the software that, among other things, allow attackers to force users into video meetings without their permission. Zoom acknowledged the issues in a
Trusted relationships can become critical risks when suppliers’ systems are breached. When a platform is attacked, there are well-practiced tools and strategies for response. When a supply chain is attacked, as in the ShadowHammer attack that hit Asus and its customers, remediation can be much more of a challenge. Dark Reading last week reported on