Application Security News and Articles
PV OT: VPN PDQ! 9.8 CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems.
The post Contec SolarView: Critical Bug Unpatched After 14 MONTHS appeared first on Security Boulevard.
Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws.
The post After Zero-Day Attacks, MOVEit Turns to Security Service Packs appeared first on SecurityWeek.
Join security engineer Kayssar on a captivating journey as he delves into the achievements and challenges encountered by GitGuardian's security team throughout the year and distills invaluable insights on fostering a culture of security ...
Discover the intricate layers of a new sophisticated and persistent malware campaign targeting businesses in the LATAM region delivering the TOITOIN Trojan. Delve into the multi-stage attack methodology, from deceptive phishing emails to ...
What is SOC 2? SOC 2 (Service Organization Control 2) provides a framework for assessing and reporting on the security, availability, processing integrity, confidentiality, and privacy of systems and data of service organizations. It was ...
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023.
The post In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack ...
Our thanks to BSides Knoxville for publishing their presenters’ outstanding BSides Knoxville 2023 content on the organization’s YouTube channel.
The post BSides Knoxville 2023 – Zachary Hunsaker – Open Source ...
Former contractor employee charged with hacking for accessing the systems of a water treatment facility in California to delete critical software.
The post Former Contractor Employee Charged for Hacking California Water Treatment Facility ...
In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware.
The post Iranian Cyberspies Target US-Based Think Tank With New macOS Malware appeared first on SecurityWeek.
Threat Overview – CL0P Ransomware: First emerging in 2019, CL0P Ransomware, often simply referred to as “clop,” has since steadily established its infamy across the globe. Allegedly originating in Russia, CL0P poses a substantial threat to ...
Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks.
The post Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks appeared ...
There's a growing likelihood of catastrophic cyberattacks on vehicles that could disable brakes, take over steering and even steal personal information.
The post Digital ‘Birth Certificates’ for Vehicular Cybersecurity appeared first on ...
SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain.
The post OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain appeared ...
TechSpective Podcast Episode 113: Do you have a right to privacy? Should you–as a consumer or individual–have control over your personal data, which companies are allowed to collect or access it, and how it is used? It seems reasonable, ...
StackRot, identified as CVE-2023-3269, is a 7.8 HIGH use-after-free vulnerability in the Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, which was disclosed by Ruihan Li who also released detailed ...
Cyble has discovered more than 130,000 photovoltaic monitoring and diagnostic solutions exposed to the internet.
The post Security Firm Finds Over 130k Internet-Exposed Photovoltaic Diagnostics Systems appeared first on SecurityWeek.
There is no debate, regardless of sector, that an organization’s most valuable resource is its people. It makes sense then that an Employee Assistance Program (EAP) can support a holistic Insider Risk Management (IRM) program. Indeed, an EAP is ...
To get ahead of the adversaries in this new AI age, cybersecurity research into new generative AI attacks and defenses must be further along.
The post How to Strengthen Cybersecurity in the Age of AI appeared first on Security Boulevard.
By William E Bodell III (@WEBthe3rd). On March 28, 2023, SafeMoon, a self-styled “community-focused DeFi token” on Binance Smart Chain, lost the equivalent of $8.9 million in Binance Coin BNB to an exploit in a liquidity pool. The exploit ...
Two applications hosted on Google Play, with over 1.5 million combined downloads, were caught sending user data to servers in China.
The post Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers appeared first on SecurityWeek.