Application Security News and Articles


Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices

Apple and Google propose new industry specification for Bluetooth location-tracking devices, to prevent unwanted tracking. The post Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices appeared first on SecurityWeek.

SolarWinds hack: Did DoJ know 6 months earlier?

What did the U.S. Justice Department know about the SolarWinds fiasco? How early did it find out? And who did it tell? The post SolarWinds hack: Did DoJ know 6 months earlier? appeared first on Security Boulevard.

Exploring Impersonation through the Named Pipe Filesystem Driver

Impersonation happens often natively in Windows; however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation, which naturally led me to dig into the Win32 API ...

Avetta releases Cyber Risk Solution for complete supply chain cyber health visibility

Avetta has released the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in 10 areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies ...

USENIX Enigma 2023 – Moderator: Amira Dhalla, Consumer Reports, Panelists: Yael Grauer, Alex Gaynor, Josh Aas – Fireside Chat: The State of Memory Safety

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel. The post USENIX Enigma 2023 – Moderator: Amira Dhalla, Consumer Reports, ...

Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation

Vulnerabilities in Netgear network management system allow attackers to retrieve cleartext passwords and escalate privileges. The post Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation appeared first on SecurityWeek.

Passkeys Support Added to Google Accounts for Passwordless Sign-Ins

Google has added passkeys support to Google accounts on all major platforms as part of the company’s passwordless sign-in efforts. The post Passkeys Support Added to Google Accounts for Passwordless Sign-Ins appeared first on SecurityWeek.

You can now use passkeys to login into your Google account

Users can now create passkeys for their Google account, the company has announced on Wednesday. Passkeys will enable users to sign in to their Google account on all major platforms and browsers with their fingerprint, face recognition, or a local ...

Chrome 113 Released With 15 Security Patches

Chrome 113 was released to the stable channel with 15 security fixes, including 10 that address vulnerabilities reported by external researchers. The post Chrome 113 Released With 15 Security Patches appeared first on SecurityWeek.

Prosecutors Argue for 15 Months in Jail for Uber CISO

In a sentencing memorandum filed with a San Francisco federal court on April 27, 2023, prosecutors argued that Joe Sullivan—the former CISO of Uber and a former federal computer crimes prosecutor himself (with the same office)—should serve 15 ...

How to Manage Data Security in the Transportation Industry

Cybercriminals are increasingly attacking the transportation sector. Read on for 5 data security management best practices in the transportation industry. The post How to Manage Data Security in the Transportation Industry appeared first on ...

Vanta Vendor Risk Management automates security reviews and remediates issues

Vanta launched a Vendor Risk Management (VRM) solution, enabling organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence. Featuring vendor auto-discovery and continuous vendor assessment and ...

7 Fraud Prevention Rules Using Device Fingerprinting

In a previous article, 9 Device Fingerprinting Solutions for Developers, I outlined a set of open source and commercial solutions for device fingerprinting. What I didn't dig into in that article is how the fingerprints are actually used in ...

ManageEngine ADSelfService Plus adds offline MFA to improve remote work security

ManageEngine announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to ...

What is the wp-config.php file?

The wp-config.php file is one of WordPress’ most important files. It contains the configuration information required to make WordPress work. As the name suggests, it is written in PHP - the language upon which WordPress is built. The post What ...

Hackers Promise AI, Install Malware Instead

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices. The post Hackers Promise AI, Install Malware Instead appeared first on SecurityWeek.

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, ...

Dashlane Passwordless Login eliminates the need to create a master password

Dashlane introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in ...

Defending Against Known, Unknown & Unknown-Unknown Email Scams

Phishing scams pose a significant risk to companies and can lead to great loss in the form of stolen account credentials, fraudulent payments and corporate data breaches, among others. According to IBM’s Security X-Force Threat Intelligence ...

Strata Identity’s Maverics Orchestration Platform now Available in AWS Marketplace

PRESS RELEASE: AWS customers can now easily access Maverics to unify multi-cloud identity management and modernize applications. BOULDER, Colo., April 6, 2023 — Strata Identity, the Identity Orchestration company, today announced the availability ...