Application Security News and Articles


EvilProxy Phishing Attack Strikes Indeed

Executive Summary: Menlo Labs recently identified a phishing campaign targeting executives in senior-level roles across various industries, but primarily Banking and Financial services, Insurance providers, Property Management and Real Estate, and ...

Introducing our 9th annual State of the Software Supply Chain report

In our fast-paced digital world, striving for excellence is an ongoing journey marked by the relentless pursuit of innovation, efficiency, and a focus on the essential contributors: the developers. Our 9th annual State of the Software Supply ...

How to Comply with the SEC’s Cyber Reporting Requirements

As of July 2023, the U.S. Securities and Exchange Commission (SEC) has moved to adopt a new cybersecurity rule on risk management, strategy, governance, and incident disclosure by public companies. The new rule requires SEC registrants to ...

Stack Identity SARA prioritizes cloud and data security risks

Stack Identity announced its new Shadow Access Risk Assessment (SARA) — a free product that provides users with a daily report of Shadow Access risks in their environment. The rapid proliferation of large language models (LLMs), ChatGPT and ...

Survey Results: The Proof is in the Passwords

Passwordless Authentication Continues to Fail to Gain Traction. Authentication is a cornerstone of cybersecurity, but strategies to reduce the common pitfalls and resulting security risks haven’t evolved. In 2023, the stakes are higher than ever ...

Actor Tom Hanks Warns of Ad With AI Imposter

Actor Tom Hanks and talk show co-host Gayle King were warning fans about ads featuring imposters generated by artificial intelligence. The post Actor Tom Hanks Warns of Ad With AI Imposter appeared first on SecurityWeek.

Network, Meet Cloud; Cloud, Meet Network

The widely believed notion that the network and the cloud are two different and distinct entities is not true. The post Network, Meet Cloud; Cloud, Meet Network appeared first on SecurityWeek.

Using ML to Accelerate Incident Management

If adopted correctly, AI and ML could advance incident response efforts by spotting errors and vulnerabilities, communicating issues and improving defensive postures. The post Using ML to Accelerate Incident Management appeared first on Security ...

Veriff unveils fraud mitigation solutions

Veriff launched its new Fraud Protect & Fraud Intelligence packages. These offerings provide organizations tools and expertise to mitigate fraud attempts and verify more genuine users efficiently. Each package is tailored towards meeting the ...

Dozens of Malicious NPM Packages Steal User, System Data

Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information. The post Dozens of Malicious NPM Packages Steal User, System Data appeared first on SecurityWeek.

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm confirmed on Monday, when it released drivers updated with patches. ...

ComplyCube Age Estimation prevents presentation attacks

ComplyCube has launched a new Age Estimation feature to safeguard minors online and protect the vulnerable. The new capability complements its existing IDV-based Age Verification solution, offering an alternative to businesses that require a ...

What Is Endpoint Detection and Response (EDR)?

Endpoint detection and response (EDR) is among the latest breed of security software designed to keep emerging and sophisticated cyberthreats ... The post What Is Endpoint Detection and Response (EDR)? appeared first on Kaseya. The post ...

Medius Fraud & Risk Detection helps organizations prevent fraud

Medius announces a new Fraud & Risk Detection product to help businesses proactively prevent fraud, and gain greater visibility and more control across the invoice to pay lifecycle. The new solution extends existing risk and compliance ...

Motel One Discloses Ransomware Attack Impacting Customer Data

Motel One says customer addresses and credit card information were compromised in a recent ransomware attack. The post Motel One Discloses Ransomware Attack Impacting Customer Data appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 28 Deals Announced in September 2023

Twenty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in September 2023. The post Cybersecurity M&A Roundup: 28 Deals Announced in September 2023 appeared first on SecurityWeek.

Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities

The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors. The post Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities appeared first on ...

Companies Address Impact of Exploited Libwebp Vulnerability

Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products. The post Companies Address Impact of Exploited Libwebp Vulnerability appeared first on SecurityWeek.

Elliptic Curve Cryptography Explained

Public key infrastructure (PKI) relies on two different cryptographic keys, a public key and a private key, to encrypt and decrypt data. These complex algorithms use mathematical formulas to generate digital certificates with unique digital ...

Zero Trust Architecture: Beyond the Buzzword

Everyone’s heard of zero trust architecture, but why has it become best practice for enterprises around the globe? There’s no shortage of cybersecurity buzzwords. Among them, “zero trust” stands out not just as a trendy term, but as a ...