Application Security News and Articles
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT ...
What is DORA? DORA, or the Digital Operational Resilience Act, marks a transformative milestone in financial regulation. Published in the Official Journal of the European Union on December 27, 2022, DORA officially came into force on January 16, ...
DTEX Systems has a new CEO. Meet Marshall Heilman: Former Red Teamer and Incident Responder, long-time Mandiant executive and man on a mission to deliver the best insider risk protection in the world. Marshall, welcome to DTEX. You kicked off ...
Confirm launched a portable digital identity solution designed to bolster trust and security in online marketplaces. Using identity protocols paired with intuitive user experiences, Confirm allows people to create a secure, verified digital ID ...
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the ...
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service (CaaS) businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars. Images of ...
Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack ...
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an organization’s AI needs GuardRail OSS offers an API-driven framework for advanced data ...
The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It’s a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained ...
CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI on everyone’s mind. Instead of playing catch-up regarding the security of emerging tech like generative AI, organizations will ...
What will 2024 hold for the cybersecurity landscape? In this Help Net Security video, Steve Cobb, CISO at SecurityScorecard, offers his take on what professionals can expect next year.
The post Staying ahead in 2024 with top cybersecurity ...
Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture The framework provides investigators with a convenient way to scan for PLCs and identify any suspicious ...
One common pain point we hear from our Fortune 1000 customers, like the following from a CISO at a major US-based telecommunications company, is quite revealing: “Now we’ve got activities coming from Leadership, legal, the board of directors, ...
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, ...
In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the ...
We've got cocktails, we've got elixirs, we've got sweets and sides. Here are a few of our favorite things to whip up for the holidays.
The post Our favorite recipes for the holiday season – Nudge Security appeared first on Security Boulevard.
Our latest update to Smart SOAR brings many enhancements that provide a more nuanced control over incident management and tenant operations. Key updates include a redesigned Playbook Editor with a new task bar and task templates for more ...
The post Reachability Analysis for Prioritization of SCA Findings appeared first on Deepfactor.
The post Reachability Analysis for Prioritization of SCA Findings appeared first on Security Boulevard.
In American military circles, there exists a term “embrace the suck”. It means to consciously recognize and accept that something will be extremely unpleasant so as to not let it discourage you from pursuing the best path to success. It ...
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content.
Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organization's YouTube channel. ...