In Cigital’s seventh annual Building Security in Maturity Model report, cloud, agile software development and IoT factor into maturing secure software movement.

Government ICS report reveals access control a major issue for sector along with nagging issues around poor code quality and cryptography.

Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities.

With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses. “Tomorrow it’s going to be business as usual, but it will also raise anxiety as we get closer to October,” said Chris...

Eleven critical vulnerabilities have been patched in network management systems (NMS) from four leading manufacturers: Cloudview, Netikus, Paessler and Opmantek. The flaws enable remote cross-site scripting and command-injection attacks. Public disclosure of the vulnerabilities coincided with a technical description by Rapid7 released Wednesday; the research compliments earlier work on similar bugs found in 2015. Each of the 11 vulnerabilities varied...

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync passwords in addition to any...

VMware this week patched a single vulnerability that pops up in two of its products that allows an attacker to elevate privileges on a compromised machine. The virtualization company patched CVE-2016-5335 in its Identity Manager and vRealize Automation software. “Exploitation of this issue may lead to an attacker with access to a low-privileged account to...

Datadog, a software-as-a service-based provider of IT infrastructure monitoring and analytics services, has forced a password reset on all of its user and admin accounts following a breach last Friday. “We have detected unauthorized activity associated with a handful of production infrastructure servers, including a database that stores user credentials,” company CSO Andrew Becherer said...

Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that accounts was targeted in a password reuse attack. According to a statement issued by Carbonite on Tuesday hackers were attempting to break into user accounts using stolen credentials. In some cases, personal information may have been exposed,...

Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching by IBM researchers and is becoming a growing new threat to businesses vulnerable to attacks. According to IBM’s X-Force researchers, the...