Application Security News and Articles
This blog focuses on two important things: the HTTP parameter pollution attack and mass assignment vulnerability. It helps developers to understand the risks that web apps can face and how to make them safer. The blog talks a lot about […]
The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and ...
Insider risk teams face many challenges, but a common challenge I hear about is this: How can you enforce your acceptable use policies when you have a mix of managed and unmanaged/BYOD devices for the same employees? What if you could leverage ...
The U.S. Office of the National Cyber Director (ONCD) released a request for information (RFI) entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government’s effort to invest ...
Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities. Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple ...
Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Threat actors are not only targeting IT systems, but have now set their sights on ...
If you’re a defense contractor handling Controlled Unclassified Information (CUI), then your contract will have a DFARS 252.204-7012 clause in it that requires you to protect that sensitive information. While that may seem clear enough, in ...
Cloud environments and the applications running on them present an enormous attack surface that’s frequently exploited. Protecting runtime environments in the cloud is certainly a top concern for any CISO, but solutions that detect and mitigate ...
U.S. law enforcement announce the disruption of the notorious Qakbot cybercrime operation and the release of an auto-disinfection tool to 700,000 infected machines.
The post Operation ‘Duck Hunt’: Qakbot Malware Disrupted, $8.6 Million in ...
Economic downturns often trigger cost-cutting and layoffs. And while it may appear counterintuitive to advocate for new business investments, the reality is that recessions don’t stop cybercrime and data leaks. So cybersecurity programs ...
It’s a landmark shift when our children leave the house to begin their lives as adults. As they pick up the last boxes and bags from their room and set out into the world, we give them love and encouragement in hopes of success in the job, the ...
Many IT decision-makers ponder whether to hire a cybersecurity consultant. With such a dynamic and sophisticated threat landscape to contend with, genuine expertise and guidance are more valuable than ever. Companies operate in a ...
Many thanks to BSides Cheltenham for publishing their presenters’ outstanding BSides Cheltenham 2023 security content on the organization’s YouTube channel.
The post BSides Cheltenham 2023 – David Abrutat – A Potted ...
VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.
The post VMware Patches Major Security Flaws in Network Monitoring Product appeared first on ...
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing ...
LogRhythm SIEM combined with CimTrak provides the ability to immediately detect and remediate threats across the enterprise. BROOMFIELD, Colo., August 29, 2023—LogRhythm, the company helping security teams stop breaches by turning disconnected ...
The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet, the ...
SMS toll fraud is putting a severe financial burden on social media businesses, as cybercriminals exploit this communication channel for illegal financial gain. Businesses can foil these attempts by implementing robust technology-driven solutions ...
Co-founder and chief architect of Netography Barrett Lyon knew security technology would need to evolve as networks became more atomized. His new blog discusses his and Dan Murphy’s journey to build the NDP category for watching, analyzing, and ...