Application Security News and Articles
FusionAuth is proud to announce the next big thing in end user authentication.
Passwords suck
Standards bodies, such as NIST, no longer recommend using complex password rules as a means to increase password security.
Many attacks associated with ...
On March 29th 2023, CrowdStrike published a blog outlining a supply chain attack leveraging the 3CXDesktopApp - a softphone application from 3CX. The ThreatLabz Team immediately started hunting for IoCs on the Zscaler Cloud.
We observed ...
CISOs and GRC officers are quickly recognizing the growing threats posed by misconfigured SaaS applications and integrations between SaaS apps. On average, 30% of corporate sensitive data now is processed or resides in SaaS applications ...
In this blog we talk about the future of XDR in Security Operations. What does...
The post The Future of XDR in Security Operations appeared first on Gurucul.
The post The Future of XDR in Security Operations appeared first on Security Boulevard.
For Women’s History Month, we are asking RiskLens staff members for their thoughts on the current status and outlook for women in the cybersecurity field and technology generally.
The post Women’s History Month at RiskLens: More Voices ...
What is CISA Directive BOD 23-01? In October 2022, the US Cybersecurity and Infrastructure Security Agency (CISA), which is a part of the United States Department of Homeland Security (DHS), issued a new directive called BOD 23-01. This ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Andreas Kogler, Jonas Juffinger, ...
Noname Security this week extended the reach of its platform for securing application programming interfaces (APIs) to make it easier to discover APIs and visualize the workflows that revolve around them. Specifically, the company has added to ...
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it ...
As the world continues to evolve and adopt new technologies, the modern workforce has changed significantly, and so have the opportunities and challenges that come with it. The advent of mobile devices, combined with the explosion of SaaS ...
The post Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea appeared first on Security Boulevard.
via the respected Software Engineering expertise of Mikkel Noe-Nygaard as well as the lauded Software Engineering and Enterprise Agile Coaching talent of Luxshan Ratnarav at Comic Agilé! (Note: This comic has been published today out of sequence ...
Account Takeover (ATO) is an increasingly sinister form of online identity theft that is becoming more and more pervasive. Bad actors are able to gain unauthorized access to accounts and wreak havoc on the businesses they target. This malicious ...
Threat Summary The 3CX DesktopApp is a voice and video conferencing software developed by 3CX – a widely used application, utilized by an estimated 600,000 companies. However, attackers potentially linked to North Korea have trojanized the ...
Insight #1
Microsoft Security Copilot, a generative AI approach to helping secure your systems, was announced this week. This is exciting for all security teams, especially those who are dealing with alert fatigue and constrained ...
In today’s business landscape, managing risk has become an increasingly critical concern. The “usual” risks (such as data breaches) paired with the completely unforeseen ones (like the collapse of SVB) have made companies more cautious with ...
OpenAI’s ChatGPT was forced to halt service for a few hours earlier this week in order to fix an issue in an open-source library. The vulnerability may have exposed some users’ payment data. The company published a blog post on March 24, ...
With the accelerated growth of online retailers — especially after the Covid pandemic — we are witnessing an alarming rise in the deployment of malicious bots. While it’s certainly the case during the holiday sales season, digital ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Rahmadi Trimananda, Hieu Le, Hao Cui, ...
The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product.
The post FDA Announces New Cybersecurity Requirements for Medical Devices appeared first on SecurityWeek.