Application Security News and Articles
Security firm Mandiant Consulting released a report Wednesday that traced the breach at 3CX back to yet another supply chain-compromised application: X-Trader, a derivatives trading software application manufactured by the firm Trading ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Daniel Genkin, Noam Nissan, Roei Schuster, ...
Attackers are installing the abandoned Eval PHP plugin on compromised WordPress sites to inject PHP code into web pages.
The post Abandoned WordPress Plugin Abused for Backdoor Deployment appeared first on SecurityWeek.
Five Eyes agencies have issued joint cybersecurity guidance and best practices for smart cities.
The post Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities appeared first on SecurityWeek.
Digital transformation and the modern workforce posed unique challenges for cybersecurity, but the COVID-19 pandemic caused a seismic shift in the way businesses operate, with many organizations embracing remote work as a necessary response to ...
As the availability of unique IPs and user agents wanes and cookie reliability remains half-baked at best, device fingerprinting has emerged as a serious contender in the battle against online fraud and abuse. The aim of fingerprinting is to ...
A vulnerability in Google Cloud Platform allowed attackers to modify and hide OAuth applications to create a stealthy backdoor to any Google account.
The post Google Cloud Platform Vulnerability Led to Stealthy Account Backdoors appeared first on ...
CISOs today are in a pinch. On one hand, the cybersecurity industry’s talent problem persists, with 3.4 million unfilled positions according to the (ISC)² Cybersecurity Workforce Study. And on the other hand, IT spending is facing tough ...
The larger they grow, the more criminal organizations resemble legitimate businesses, with small criminal organizations allocating nearly 80% of their operating expenses to wages, while larger organizations mirror their legitimate counterparts ...
GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting.
The post GitHub Announces New Security Improvements appeared first on SecurityWeek.
A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users.
The post House Committee Hears ...
Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company.
The post Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information ...
There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted access and that ...
Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small ...
Fraudsters are taking advantage of the widening fraud knowledge gap, outlining the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a ...
47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the ...
Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based ...
Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the ...
Cofense has released Cofense Protect+, a fully integrated and automated email security solution specifically designed to protect mid-size organizations from ever-evolving cyber threats. Today’s mid-market organizations are faced with growing ...
Bugcrowd has released new capabilities in its Penetration Testing as a Service (PTaaS) offering that enables buyers to purchase, set up, and manage pen tests directly online without a need for lengthy sales calls and scoping sessions. PTaaS is ...