Application Security News and Articles
Recent findings from Microsoft Threat Intelligence reveal a concerning trend: threat actors exploiting vulnerabilities in Microsoft 365 and Azure environments to execute attacks, with a focus on OAuth application abuse. In this blog post, we ...
The surge in online shopping has unfortunately paved the way for numerous internet frauds. Cybercriminals are craftily establishing phony online boutiques, offering an array of products from trendy apparel to high-tech gadgets, and occasionally, ...
For those in charge of industry standards, ensuring rules are up to date and fit for purpose is a constant battle against time. And when it comes to addressing the risk of payment card data theft, the stakes couldn’t be higher. That’s why the ...
TrustCloud’s “Greatest Hits” of 2023 As we bid farewell to 2023, let’s take a stroll down memory lane and groove through the top hits of TrustCloud’s product releases. We’re breaking down your favorite chart-toppers, from the smooth ...
The PCI-DSS (Payment Card Industry Data Security Standard) is a set of industry-recommended requirements for business organizations that store, process, or transmit payment card details that aim to protect payment card data from theft, misuse, ...
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Puzzles’ appeared first on Security Boulevard.
As CMMC Final Rule approaches, one of the most common concerns defense contractors have is the cost of achieving compliance. CMMC will step up enforcement of the 110 NIST 800-171 controls, making compliance a prerequisite for continued work with ...
Read an intriguing real world story about how tainted data and API abuse can lead to the perfect digital bank heist.
The post That time I broke into an API and became a billionaire appeared first on Dana Epp's Blog.
Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching)
The post Under the hood of CVE patching appeared first on ARMO.
Learn how to sift through the noise and focus on the threats likely to significantly impact your organization. Contents The Growing Challenge of Accurate Prioritization Gather Information on Persons of Interest (POI) Conduct Threat Assessments ...
The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. FBI develops ALPHV/Blackcat decryptor Over the past 18 months, ALPHV/Blackcat ...
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters' content.
Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organization's YouTube channel. ...
Our digital world never stands still.
How we do business and interact with each other is evolving at a breakneck pace. We saw during the pandemic that digital transformation of all kinds can happen faster than we ever thought possible. It’s a ...
Another day, another huge leak: In October, they called it an “outage;” last month, it became a “cybersecurity incident;” now it’s a full-on PII leak.
The post Mr. Cooper Hackers Stole ~15 Million Users’ Data appeared first on ...
As we step into 2024, the cybersecurity arena continues to morph, posing persistent challenges amid a backdrop of high-profile breaches and relentless attacks. In this dynamic landscape, staying ahead demands a heightened security posture to ...
Apiiro, a leading application security posture management (ASPM) solution, today announced its partnership with Wiz, the leading cloud security company and Cloud Native Application Protection Platform (CNAPP) provider. By joining Wiz Integrations ...
DLP plays an important role, but it's not the only necessary component in a robust data protection strategy.
The post Beyond DLP: Embracing a Multi-Layered Strategy for Personal Data Security appeared first on Security Boulevard.
New, undetectable attacks called zero-hour threats are the current danger from cybercriminals. Traditional cybersecurity solutions cannot detect these attacks, which pose a significant risk. Over the past 30 days, the Menlo Labs research team has ...
As the year draws to a close, EclecticIQ’s Intelligence & Research Team looked back on the 2023 cyber landscape: from the evolving tactics of Chinese state-sponsored cyber operations, the increasing integration of AI tools by threat actors, ...
Fortinet announced the latest release of new, integrated operational technology (OT) security solutions and services. These additions further distance Fortinet’s industry-leading OT Security Platform from the rest of the market. “We ...