Application Security News and Articles
At its core, cyber threat exposure management (CTEM) is the culmination of traditional vulnerability management, threat intelligence, and attack surface management. In the past, organizations focused on identifying and patching software ...
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code ...
In Q3 2023 a series of ransomware attacks by similar threat actors created headlines and blurred the lines of attribution.
The post Scattered Ransomware Attribution Blurs Focus on IR Fundamentals appeared first on Security Boulevard.
The Office of Management and Budget (OMB) released a Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP) on Friday, Oct 27, 2023. FedRAMP was codified in 2022 when Congress passed the FedRAMP ...
A 20-year-old Floridian was sentenced to prison for his role in a hacking scheme that led to the theft of $1 million in cryptocurrency.
The post Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft appeared first on SecurityWeek.
Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.
The post Proofpoint to Acquire Tessian for AI-Powered Email Security Tech appeared first on SecurityWeek.
The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing.
The post Boeing Investigating Ransomware Attack Claims appeared first on SecurityWeek.
New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity.
The post Apple Improves iMessage Security With Contact Key Verification appeared first on SecurityWeek.
Immuta released Immuta Discover, a new product for automated tagging and classification on cloud data platforms. Immuta Discover enables data teams to establish and maintain highly accurate metadata for the primary purpose of data access control, ...
Cybersecurity has become one of the most pressing threats that an organization can face, where poor cybersecurity can lead to operational disruptions, regulatory enforcement, lost sales, a tarnished corporate reputation, and much other trouble. ...
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.
The post Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack appeared first on SecurityWeek.
Insider threats pose serious risk. SternX provides leading technology and expertise to help businesses implement insider threat risk assessment programs, assess vulnerabilities, monitor for risks, and build robust defenses.
The post SternX ...
Netwrix has released new versions of eight products since March 2023. The enhancements further help customers reduce the risk of breaches and limit the impact of attacks by empowering IT teams to fortify the security posture and to promptly ...
A Bitdefender study found nearly half of Halloween-themed spam is fraudulent, with 69% of the spam hitting U.S. inboxes.
The post Spookiest Hacks, Cybercriminals and Tactics Lurking in 2023 appeared first on Security Boulevard.
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.
The post Hackers Earn Over $1 Million at Pwn2Own Toronto 2023 appeared first on SecurityWeek.
President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). New standards for AI safety and security: As AI’s capabilities grow, so do its ...
On November 29, 2022, AWS announced the eXternal Key Store (XKS) capability for AWS Key...
The post External Key Storage for AWS cloud using nShield HSMs appeared first on Entrust Blog.
Identity theft isn’t a new phenomenon, but its rise in the executive world can no longer be ignored. As a CISO, you understand the importance of safeguarding not only your organization’s data but also the personal information of your ...
By Will Brattain. Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affects iOS versions 10 and later and macOS versions 10.12 and later. The flaw resides in Apple’s App Transport Security (ATS) protocol handling. We ...
Do the SEC's new rules qualify as government overreach? Sysdig's Crystal Morin explores the issue.
The post SEC Regulations, Government Overreach and Access to Cybersecurity Information appeared first on Security Boulevard.