Application Security News and Articles
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Citrix ADC zero-day exploitation: CISA releases details about attack on critical infrastructure (CI) organization (CVE-2023-3519) The exploitation of the Citrix ...
Last week I spoke for Jersey Cyber Security Centre ( CERT.JE) about the changing threats facing us — from the very active offensive cyber campaign forming part of the war in Ukraine, to the emerging threat from AI tools that can be used for ...
Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel.
The post BSides Sofia 2023 – Victor Bonev – Secure Distroless OCI Images Via YAML ...
Waterfox came into the browser scene in 2011, shipping right out of the box with official x64 support (a rarity among browsers at the time) and promoting itself as an "ethical browser."
However, many things have changed in the browser landscape, and ...
In early June 2023, OWASP released the final version of the OWASP API Security Top-10 list update. At that time we published a “hot take” on this final version and followed that up with an in-depth look at the new risk ratings for 2023. Today ...
The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub.
The post GitHub Developers Targeted by North Korea’s Lazarus Group appeared first on Security ...
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any security professionals within their ...
Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel.
The post BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard ...
This is a quick tutorial on how to get started with Repository Health Check (RHC) 2.0, available in Sonatype Nexus Repository Manager 3.3.
The post How to use Repository Health Check 2.0 appeared first on Security Boulevard.
For startups looking to win business and build trust with potential clients, a robust security program and effective response to security questionnaires are essential. Whether you’re new to security questionnaires or just need a refresher, we ...
Dell Technologies added orchestration capabilities to its data protection software that make it simpler for IT teams to schedule backups.
The post Dell Adds Orchestration Capabilities to Data Protection Platform appeared first on Security Boulevard.
via the inimitable Daniel Stori, crafting superb comics at turnoff.us!
The post Daniel Stori’s ‘Annoying Software’ appeared first on Security Boulevard.
Identity threat detection and response (ITDR) equips enterprises to protect digital identities along with the identity systems that manage them.
Digital identity data is a cybercriminal's favorite target. The 2023 ForgeRock Identity Breach Report ...
Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.
The post Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails appeared first on SecurityWeek.
As ransomware affiliates are paid less frequently, they have adapted their strategies to compensate for the shifting dynamics of cyber extortion.
The post Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments ...
Two banks earlier this year were the targets of open source supply chain attacks, the first of their kind in the industry.
The post Software Supply Chain Attackers Targeting Banks, Checkmarx Says appeared first on Security Boulevard.
Insight #1
WormGPT is a thing. The tool — being sold on hacker forums and considered “ChatGPT’s evil cousin” — shows that cybercriminals are taking advantage of Large Language Models (LLMs) to produce detection-resilient cyberattacks ...
CVE-2023-38408, discovered by the Qualys Threat Research Unit (TRU), describes an RCE (remote code execution) vulnerability made possible by an unwanted interaction between OpenSSH’s ssh-agent executable, the dlopen() and dlclose() functions ...
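The CVE-2023-38408 item above is truncated, so as an added example (not code from the page, from Qualys or from the OpenSSH project) here is the offline triage a practitioner would run while reading it: parse an OpenSSH version banner and compare it with the upstream fix release, and list the ssh_config blocks that enable agent forwarding, since a forwarded agent on a hostile remote host is what the advisory concerns. Two assumptions are built in and not taken from the page: that the fix shipped in OpenSSH 9.3p2, and that any ForwardAgent value other than "no" (including a socket path) means forwarding is on. The banners and the ssh_config are constructed sample input.

```python
"""Offline triage helpers for CVE-2023-38408 (added example, not the page's code).

Assumptions (not stated on the page):
  * the upstream fix release is OpenSSH 9.3p2, so anything older is flagged;
  * ForwardAgent accepts "yes", "no" or a socket path; anything but "no"
    enables forwarding to the remote host.
"""
import re

# Assumed fix release: (major, minor, portable-release)
FIXED_RELEASE = (9, 3, 2)

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str):
    """Return (major, minor, p) from an `ssh -V` / SSH banner string, or None.

    Handles 'OpenSSH_9.3p1, OpenSSL ...' and distro-decorated strings such as
    'OpenSSH_8.9p1 Ubuntu-3ubuntu0.3'. A missing 'pN' suffix is treated as p0.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    return (int(major), int(minor), int(p) if p else 0)


def is_patched_version(banner: str):
    """True if the banner is at or above FIXED_RELEASE, False if older, None if unparsable.

    Caveat: distributions that backport the fix keep the old version string,
    so False means 'check the package changelog', not 'confirmed vulnerable'.
    """
    version = parse_openssh_version(banner)
    if version is None:
        return None
    return version >= FIXED_RELEASE


def agent_forwarding_blocks(config_text: str):
    """Return the Host/Match blocks (or '*' for the global section) that enable ForwardAgent.

    Parses the ssh_config syntax: comments after '#', keywords case-insensitive,
    'Keyword Value' or the legacy 'Keyword = Value' form, Host/Match start blocks.
    """
    enabled = []
    block = "*"  # directives before the first Host/Match apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in ("host", "match"):
            block = f"{key.capitalize()} {value}"
            continue
        # Assumption: anything other than "no" (yes, or a socket path) enables forwarding
        if key == "forwardagent" and value.lower() != "no":
            enabled.append(block)
    return enabled


# Constructed sample input for the example (not real hosts or banners).
SAMPLE_BANNERS = [
    "OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023",
    "OpenSSH_9.3p2, OpenSSL 3.1.1 30 May 2023",
    "OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022",
    "Dropbear sshd",  # not OpenSSH at all
]

SAMPLE_SSH_CONFIG = """\
# constructed ~/.ssh/config for the example
ForwardAgent no

Host bastion
    HostName bastion.example.internal
    ForwardAgent yes

Host ci-runner-*
    ForwardAgent = yes   # legacy key=value form

Host *.corp.example
    ForwardAgent no
"""


def triage(banners, config_text):
    """Summarise version and config findings in one dict for a report."""
    return {
        "unpatched_banners": [b for b in banners if is_patched_version(b) is False],
        "unparsable_banners": [b for b in banners if is_patched_version(b) is None],
        "forwarding_blocks": agent_forwarding_blocks(config_text),
    }


if __name__ == "__main__":
    for name, items in triage(SAMPLE_BANNERS, SAMPLE_SSH_CONFIG).items():
        print(f"{name}:")
        for item in items:
            print(f"  {item}")
```

Read a banner as "needs a look" rather than "exploitable": the version compare cannot see distro backports, and an unpatched client is only exposed where it forwards its agent to a host it does not control, which is why the config scan reports each block that turns forwarding on.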
IGEL has announced the appointment of Klaus Oestermann as CEO. A proven leader in growing global software businesses, Oestermann succeeds Jed Ayres who will continue on as IGEL Company Advisor. Oestermann, who brings a track record for scaling ...
Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel.
The post BSides Sofia 2023 – Alexander Nedelchev – Unencrypted Malware, The ...