2:00

Ticketmaster only says in its filing to

2:02

the state of Maine that there were more

2:04

than 1,000 victims. Well,

2:07

a threat actor claims to have stolen

2:09

personal information of 560 million people. Ticketmaster

2:14

says those victimized bought tickets

2:16

to events in the US,

2:18

Canada and Mexico. Data

2:21

stolen includes email addresses, phone

2:23

numbers, encrypted credit card information,

2:26

as well as some other personal

2:29

information the customers gave the company.

2:33

A new software vulnerability is

2:35

published by researchers and security

2:37

companies every 17 minutes. That's

2:41

the conclusion of Skybox Security after

2:43

looking at data in its annual

2:46

Vulnerability and Threat Trends report. Nearly

2:49

half of all newly discovered

2:51

vulnerabilities are classified High or

2:53

Critical. This

2:55

is why it's vital for IT teams

2:57

to prioritize which patches need to be

2:59

installed based on the sensitivity of applications

3:01

and data. 25%

3:04

of vulnerabilities are exploited the same day

3:07

as they're announced. Three

3:09

quarters are exploited within 19 days.

3:14

How secure are the applications in

3:16

your IT inventory? Well,

3:18

IT leaders are increasingly asking

3:21

software providers to give them

3:23

a software bill of materials

3:25

so they can judge how

3:27

vulnerable their applications are, particularly

3:29

software that uses open source

3:31

components. According

3:33

to Chuck Marx's just released

3:35

State of Software Supply Chain

3:38

Security, half of

3:40

security leaders and developers surveyed

3:42

say they request software bills

3:44

of materials from software vendors.

3:48

On the other hand, about the same number

3:50

admit that they are not using this information

3:52

effectively. The

3:54

report also argues that software bills of materials

3:57

should only be part of the software

3:59

bill of materials.