Application Security News and Articles
Part 10: Implicit Process Create
Introduction
Welcome back to another installment of the On Detection: Tactical to Functional series. In the previous article, I argued that we perceive actions within our environment at the Operational level ...
Will CRI pledge work? International Counter Ransomware Initiative (CRI) hopes to pull rug from under scrotes.
The post We Won’t Pay Ransomware Crims — 40 Nations Promise Biden’s WH appeared first on Security Boulevard.
According to research done by ARMO, 100% of Kubernetes clusters that were tested contained at least one misconfiguration,
The post The new standard of Kubernetes misconfiguration remediation appeared first on ARMO.
The post The new standard of ...
VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges.
The post Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges appeared ...
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content.
Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organizations YouTube channel. ...
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
The post Supply Chain Startup Chainguard Scores $61 Million Series B appeared first on SecurityWeek.
Executives at SolarWinds are pushing back at the lawsuit filed this week by the Securities and Exchange Commission against the company and its top security official in connection with the high-profile cyberattack, with CEO calling the agency’s ...
Join us for this very special episode as we sit down with the IT and Security experts from the University of Richmond. John Craft (Director of Information Security), Keith McIntosh (Chief Information Officer), and Svetla Walsh (Information ...
As the holiday season approaches, brace yourselves for a sleigh-full of automated threats as shown by historical data.
The post 5 Bot-Driven Threats to Watch Leading Up to 2023 Holiday Sales appeared first on Security Boulevard.
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
The post Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks appeared first on SecurityWeek.
In this blog, we will lay out what are some of the core features that you should look for in your CIEM solution, along with a couple of helpful questions for consideration in your search.
The post 5 Must Have Elements for Cloud Infrastructure ...
This blog explores popular attack surface threat vectors, and the steps businesses can take for attack surface management.
The post What is Attack Surface Management and How Has it Changed? appeared first on Security Boulevard.
Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
The post Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway appeared first on SecurityWeek.
Chrome 119 is rolling out to Linux, macOS, and Windows users with patches for 15 vulnerabilities.
The post Chrome 119 Patches 15 Vulnerabilities appeared first on SecurityWeek.
Just like having a strong observability platform, in the world of DevOps, ensuring the security of systems and applications is of utmost importance. In recent years, the risk of potential security breaches has increased, according to a British ...
During Q3 of 2023, new and old techniques appeared, creating a high volume of campaigns that reached users in environments protected by secure email gateways (SEGs). Throughout this quarter, we saw an increase in volume for both credential ...
MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.
The post MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile appeared first on SecurityWeek.
There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is dead.
The post DPI: Still Effective for the Modern SOC? appeared first on SecurityWeek.
Software bills of materials (SBOMs) have become a central component of enterprise efforts to secure the software supply chain. President Biden's 2021 Executive Order on Improving the Nation's Cybersecurity, EO 14028, made it a requirement for ...
Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines.
The post Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution appeared first on SecurityWeek.
