Application Security News and Articles


An Easy Guide to Understanding Risk Management and Quantification, Part 1 | Kovrr blog

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post An Easy Guide to Understanding Risk Management and Quantification, Part 1 | Kovrr blog appeared first on Security Boulevard.

Enhancing Cybersecurity Compliance: The SEC’s new rules

The Securities and Exchange Commission (SEC) has given new cybersecurity disclosure rules the green light. The SEC has recently approved new cybersecurity disclosure rules effective from July ...

Downfall: New Intel CPU Attack Exposing Sensitive Information

Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable. The post Downfall: New Intel CPU Attack Exposing Sensitive Information appeared first on SecurityWeek.

Why cybersecurity is a blue-collar job

Cybersecurity has witnessed exponential growth in recent years, fueled by the increasing sophistication of cyber threats. As the demand for skilled professionals continues to surge, traditional approaches to education and job requirements are ...

Using creative recruitment strategies to tackle the cybersecurity skills shortage

With the increasing complexity of cyber threats and the global shortage of cybersecurity experts, organizations are looking for creative approaches to recruiting and retaining top talent. In this Help Net Security interview, Jon Check, Executive ...

Data exfiltration is now the go-to cyber extortion strategy

The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware groups target the exfiltration of files. The report also found that ...

The ransomware rollercoaster continues as criminals advance their business models

Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to Fortinet. Ransomware detections 1H 2023: FortiGuard Labs has documented ...

Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)

On 18 July 2023, Citrix published a security advisory addressing CVE-2023-3519, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 in NetScaler ADC (formerly known as Citrix ADC) and NetScaler Gateway ...

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid7 office locations. The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek.

SandboxAQ launches open-source meta-library of cryptographic algorithms

SandboxAQ launched Sandwich, an open-source framework that simplifies modern cryptography management and enables developers to steer their organizations towards cryptographic agility. With a unified API, Sandwich empowers developers to embed the ...

Breaking Down the Decision: Why We Chose AWS ElastiCache Over Redis Cloud

ElastiCache’s capabilities are better suited to our technical requirements and use cases than Redis Cloud’s, especially in scalability and pricing. The post Breaking Down the Decision: Why We Chose AWS ElastiCache Over Redis Cloud appeared ...

2022’s Most Exploited Vulnerabilities: Insights and Future Preparedness

The cybersecurity landscape is a dynamic battlefield where attackers constantly seek out vulnerabilities to exploit. In this context, the release of the list of top 12 routinely exploited vulnerabilities by CISA in August 2022 provides invaluable ...

OWASP’s CycloneDX SBOM | Contrast Security

It’s well-established: Triple-DES is a feeble encryption algorithm. The post OWASP’s CycloneDX SBOM | Contrast Security appeared first on Security Boulevard.

Patch Tuesday Update – August 2023

The post Patch Tuesday Update - August 2023 appeared first on Digital Defense. The post Patch Tuesday Update – August 2023 appeared first on Security Boulevard.

Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days

Patch Tuesday: A month after confirming active exploitation of Office code execution flaws, Microsoft has shipped patches for multiple affected products. The post Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days appeared ...

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a patch is ...

BSides Leeds 2023 – Liam Follin – How To Get Away With Hacking

Thanks are in order to BSides Leeds for publishing their presenters’ outstanding BSides Leeds 2023 security content on the organization’s YouTube channel. The post BSides Leeds 2023 – Liam Follin – How To Get Away ...

Statc Stealer: Decoding the Elusive Malware Threat

Recently, while tracking global threat activity, the Zscaler ThreatLabz team discovered a new information stealer family called Statc Stealer. Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains ...

Using Automation to Hunt for the Elusive LOLBAS

Researchers at cybersecurity vendor Pentera knew that, over the past few years, the attack method known as LOLBAS has become an increasingly popular tool used by hackers to compromise systems and networks. LOLBAS – or ...

Do you trust your software? Why verification matters

There’s a reason the automotive industry only tests vehicles once they are functionally complete — because it's the only way they can truly trust their product is going to perform as intended. Sure, the teams behind the individual parts that ...