Application Security News and Articles
Now in its 27th year, the Black Hat USA conference has grown into one of the biggest and most prestigious cybersecurity shows in the world — a showcase for top security experts and companies.
The post 8 Black Hat sessions you don’t want to ...
To combat sophisticated and relentless threats effectively, organizations must adopt a collaborative approach that goes beyond their individual security measures. Threat intelligence sharing has emerged as a powerful strategy to enhance ...
On August 3, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a call to action addressing the challenges we face securing UEFI and responding to incidents where attackers have leveraged weaknesses in UEFI ...
Organizations need to go beyond traditional security measures to effectively protect their valuable assets and maintain a strong security posture. They must harness the power of actionable threat intelligence, which provides timely and relevant ...
via the webcomic talent of the inimitable Daniel Stori and Michael Tharrington at Turnoff.US.
The post Daniel Stori’s and Michael Tharrington’s – ‘First Day On The Job’ appeared first on Security Boulevard.
A Google report showed the majority of cloud security issues involved stolen credentials followed by misconfigurations.
The post Google Report Reveals Most Widely Used Cloud Attack Vectors appeared first on Security Boulevard.
Insight #1
While it’s exciting to see the Securities and Exchange Commission (SEC) requiring (PDF) incident disclosures for cybersecurity breaches within four days, it’s disappointing that they didn’t move forward with requiring ...
Legacy PKI infrastructure may be the anchor weighing down your cloud strategy. Twenty years ago, on-premises infrastructures were the norm. Certificate usage was a fraction of what it is now, and certificate lifecycles now are a fraction of what ...
In addition to the rise in remote and telework, people are conducting more of their personal business online — everything from getting the news to seeing the doctor to paying taxes. This move is a part of what's driving organizations in all ...
A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted.
The post A Cyberattack Has Disrupted Hospitals and Health Care in Five States appeared first on ...
Thanks are in order to BSides Leeds for publishing their presenters’ outstanding BSides Leeds 2023 security content on the organization’s YouTube channel.
The post BSides Leeds 2023 – Brad Storan – Evasion On Aisle ...
The rapidly evolving “pig butchering” ecosystem is adding another – and unsurprising – tool to its malicious arsenal: generative AI. Operators behind what cybersecurity firm Sophos dubs “CryptoRom” scams are now using AI chatbots like ...
Onapsis Research Labs Advisory: CISA AA23-215A Issued to Highlight the Most Consistently and Frequently Exploited Vulnerabilities in 2022
ltabo
Fri, 08/04/2023 - 14:27
Yesterday, we saw the release of a new security advisory co-authored and ...
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 31, 2023.
The post In Other News: Cybersecurity Funding Rebounds, Cloud Threats, BeyondTrust ...
Learn how to better protect your organization from attacks by looking at how attackers compromised a Microsoft signing key. Secure your keys and actively monitor code and logs.
The post Protect Your Keys – Lessons from the Azure Key Breach ...
Datadog announced Security Inbox, a new capability for engineers to prioritize and remediate the most important security issues impacting their production applications. Traditional security products specialize in identifying massive volumes of ...
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or ...
Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems.
The post Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft appeared ...
Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 ...
Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of ...