Application Security News and Articles
More than a week after it suffered a crippling ransomware attack, the hotel giant MGM is struggling to recover. The attack, linked to the ransomware-as-a-service (RaaS) group known as ALPHV, or BlackCat, caused slot machines and ATMs in MGM’s ...
Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning.
The post Sysdig Launches Realtime Attack Graph for Cloud Environments ...
Author: Randy Griffith, Senior Security Consultant, CISO Global. Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under ...
Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.
The post Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor appeared first on SecurityWeek.
Journey announced its partnership with Webex by Cisco to streamline customer experience and enhance security for businesses that utilize Webex Contact Center. Journey’s integrated identity platform is now available to all Webex Contact ...
SternX Technology achieves AICPA SOC 2 compliance, ensuring the security, integrity, confidentiality, and privacy of their systems and data.
The post AICPA SOC 2 Compliance: A Milestone for SternX Technology appeared first on SternX ...
What is DORA (EU)? The DORA Regulation (No. 2022/2554), known as the Digital Operational Resilience Act, is an important EU law about cybersecurity for financial institutions like banks or credit institutions. More than just having security for ...
Securing cloud identities isn’t easy. Organizations need to complete a laundry list of actions to confirm proper configuration, ensure clear visibility into identities, determine and understand who can take what actions, and on top of it all ...
In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand ...
September is National Insider Threat Awareness Month. We are doing our part to drive awareness for a sector of the security stack that is underrepresented in attention and budgets. Here’s a quick roundup of the key insider risk activities DTEX ...
In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy Mesta, CTO at KSOC, explores what it would take to protect against ...
Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. There could be significant changes within the Public Key Infrastructure (PKI) marketplace, the most ...
One in every six ransomware attacks targeting US government offices was traced back to the LockBit ransomware group, according to Trend Micro. Overall ransomware attack victim numbers increased by 47% from H2 2022. “We’ve observed a ...
It was great to chat last week on the topic of the new SEC Rules with my good friend Ed Amoroso (President of TAG Cyber, Professor at NYU and the former CSO of AT&T). A link to the recording of our discussion is here: And if listening to ...
Open-source threat intelligence (OSINT) is a valuable asset to pull from during incident investigations. However, doing this for every alert is monotonous and can be prone to human errors. When using SOAR security tools, you can build IoC ...
The automotive industry is one of the largest in the world, with sales estimated at $2.95 trillion for 2022. It’s also an industry undergoing profound change thanks to global supply chains and digital transformation — which means that the ...
A European-based organization in the transportation industry needed a way to protect its data with a solution that could mitigate sophisticated threats and move beyond basic threat detection capabilities. It required a holistic solution that ...
Overview: Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, ...
Many thanks to Israel’s Tel Aviv University for publishing their presenter’s tremendous Cyber Week 2023 security content on the Tel Aviv University’s TAUVOD YouTube channel.
The post Cyber Week 2023 & The Israel National ...
Hackers are using a bogus download page for Bitwarden’s password manager solution to target Windows users with a new remote access trojan (RAT) that’s designed to steal credentials and a range of information about the compromised system. ...