Application Security News and Articles


Unmasking Black Basta: A Closer Look at the Notorious Ransomware Group

Who is Black Basta? Black Basta (AKA BlackBasta) is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that first emerged in early 2022 and immediately became one of the most active RaaS threat actors in the world, ...

In the News | Why School Cyber Hygiene Is Critical in The Education Industry

This article was originally published in Spiceworks on 6.19.23 by Charlie Sander, CEO at ManagedMethods. The education sector faces evolving cyber threats: insider errors, ransomware attacks, and vendor vulnerabilities. Schools face evolving ...

Asus Patches Highly Critical WiFi Router Flaws

Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek.

Checkmarx Details Potential Threats to AWS S3 Buckets

Checkmarx disclosed how cybercriminals can hijack S3 storage bucket binaries on the AWS cloud by replacing binaries with malicious ones. The post Checkmarx Details Potential Threats to AWS S3 Buckets appeared first on Security Boulevard.

How Your Secrets Management Maturity Can Impact Your DevOps Research and Assessment Metrics

Learn how your secrets management can affect your DevOps performance, measured by DORA metrics, as well as increase your risk as an organization. The post How Your Secrets Management Maturity Can Impact Your DevOps Research and Assessment ...

New Information Stealer ‘Mystic Stealer’ Rising to Fame

A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums. The post New Information Stealer ‘Mystic Stealer’ Rising to Fame appeared first on SecurityWeek.

Intellectual Property Security: Defending Valuable Business Assets

Securing valuable intellectual assets with intellectual property security is an unfortunate necessity. Intellectual property (IP) has become the lifeblood of many organizations, driving innovation, market differentiation, and competitive ...

GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845

This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows ...

Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M

And now, this: John-Oliver-pics protest won’t change Reddit policy, but will ransom demand work? The post Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M appeared first on Security Boulevard.

ESET PROTECT Elite protects users against ransomware and zero-day threats

ESET expanded its unified cybersecurity platform, ESET PROTECT, with a new subscription tier for businesses requiring all-in-one prevention, detection and response. Available immediately, ESET PROTECT Elite delivers enterprises, small and midsize ...

How to Detect PowerDrop Command & Control Malware

MixMode Sales Engineer, Josh Snow, explores a real-time threat detection use case involving The MixMode Platform and its ability to identify PowerDrop, a malicious PowerShell script that has been specifically targeting the aerospace industry and ...

Ordr Security Bulletin: MOVEit Vulnerabilities

Coauthors: Srinivas Loke, Gowri Sunder Ravi. Progress Software, which makes the MOVEit Transfer app, first disclosed a vulnerability for the MOVEit application on May 31st, 2023. The MOVEit application is a managed file transfer software produced ...

Western Digital Blocks Unpatched Devices From Cloud Services

Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek.

Akeyless Launches SaaS-based External Secrets Manager

New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team. The post Akeyless Launches SaaS-based External Secrets Manager appeared first on SecurityWeek.

iStorage launches datAshur PRO+C with Type-C USB interface

iStorage added a new encrypted flash drive to its highly successful datAshur range. The new datAshur PRO+C, with the Type-C interface, is the flash drive pending the new FIPS 140-3 Level 3 validation scheme. This offers robust guarantees as to ...

Ransomware Gang Takes Credit for February Reddit Hack

The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit. The post Ransomware Gang Takes Credit for February Reddit Hack appeared first on SecurityWeek.

Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less. The post Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of ...

Know the Unknown: Diagnosing Identity Risks in Your Cloud

When it comes to insufficient cloud security measures, organizations are unaware of the danger they face. Perhaps their organization migrated to the cloud and brought along the same security tools and data and identity ...

Adventures in Audits, Part One: How Software License Terms Drive Audit Resolution

If your company uses software under a license agreement that gives audit rights to the software vendor—and your company probably does—you may well have an adventure in your future. Vendors do, in fact, conduct software audits on a regular ...

IBM expands collaboration with Adobe to help users navigate the complex generative AI landscape

IBM announced plans to expand its longstanding partnership with Adobe to help brands successfully accelerate their content supply chains through the implementation of next-generation AI including Adobe Sensei GenAI services and Adobe Firefly ...