Application Security News and Articles


Vulnerability in Toyota Management Platform Provided Access to Customer Data

A vulnerability in Toyota Customer 360 CRM platform provided a security researcher with full access to the car maker’s Mexican customers. The post Vulnerability in Toyota Management Platform Provided Access to Customer Data appeared first on ...

External Cybersecurity for Executives: A Practical Guide

The closely-connected nature of executives and their corporations means many CEOs are already the established targets of cybercriminals seeking access to corporate assets. When it comes to executive cybersecurity, it often is not a matter of ...

Introducing The Complete Guide to SecDataOps and Vulnerability Management on AWS

After going back and forth with my LinkedIn followers in mid-2022 about a post on vulnerability management on AWS, I transformed the thought into 110 pages (thanks to screenshots and code snippets) into what I believe to be the definitive resource ...

A Letter to the Modern CISO: Part 1

Are You Feeling Cloud Security Imposter Syndrome? The typical cloud is likely less secure than an organization believes it is, and that is because most security professionals do not have a clear picture of their entire ...

Dismantling the Ransomware Business Model

Every day, coordinated crime groups are developing more advanced skills to attack organisations’ networks. The number of ransomware attacks has increased significantly, and it’s getting easier for sophisticated cybergangs to access ...

How federal agencies can prevent evasive web threats

2023 is shaping up to be a transformative year for security teams in the federal government. Regulations, such as the Cybersecurity Maturity Model Certification (CMMC) that requires agencies to better authenticate remote access for employees and ...

Acer Confirms Breach After Hacker Offers to Sell Stolen Data

Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company. The post Acer Confirms Breach After Hacker Offers to Sell Stolen Data appeared first on SecurityWeek.

3 Things Businesses Need to Know About Safely Employing Contractors

Many organizations are turning to consultants and external groups for help, but this approach can be risky for an organization's security. Here are 3 steps to mitigate risk. The post 3 Things Businesses Need to Know About Safely Employing ...

Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity

The sudden mainstreaming of chatbots and generative AI like ChatGPT has a lot of people worried. They believe this is the AI technology that will replace them. Fortunately, that’s not actually the case. The more likely scenario is that ...

Prompt Injection Attacks on Large Language Models

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice ...

Edgeless Systems Raises $5m for Trustworthy Data Processing

German cybersecurity start-up Edgeless Systems raises $5 million to build an open-source stack for confidential computing. The post Edgeless Systems Raises $5m for Trustworthy Data Processing appeared first on SecurityWeek.

Talking Cyberinsurance With Munich Re

SecurityWeek spoke to Chris Storer, head of the cyber center of excellence at reinsurance giant Munich Re, for the cyber insurers’ view of cyberinsurance. The post Talking Cyberinsurance With Munich Re appeared first on SecurityWeek.

Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia

Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. The post Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia ...

Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing

Wallarm Detect warns of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). The post Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing appeared first on ...

Secure software development for modern vehicles

Targeted software security practices can help overcome challenges in satisfying emerging cybersecurity standards in the automotive industry. The post Secure software development for modern vehicles appeared first on Security Boulevard.

Akamai Adds Agentless Option for Securing IoT and OT Devices

Akamai Technologies today extended the reach of its microsegmentation platform by adding support for an agentless approach to secure internet-of-things (IoT) and operational technology (OT) devices. In addition, the company is launching an Akamai ...

What is XML External Entity, How to Find XXS Vulnerabilities and Patch Them

XXE (XML External Entity) vulnerability is a type of security flaw that occurs when an XML parser processes input from untrusted sources. The post What is XML External Entity, How to Find XXS Vulnerabilities and Patch Them appeared first on ...

Android’s March 2023 Updates Patch Over 50 Vulnerabilities

Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform. The post Android’s March 2023 Updates Patch Over 50 Vulnerabilities appeared first on SecurityWeek.

100 Years of Trust Theory: Buber’s “I and Thou”

The Philosophy of Martin Buber (1878–1965) is foundational to modern thinking about trust. In the years following WWI, as a minority being oppressed by the rise of violent racist nationalism, he argued one’s self is constructed in how ...

Last Month’s Agenda: ISO 27001:2022 Updates, Add Quick Comments and Automate Your Audit Scope!

Take a look at what February had in store for our customers with some exciting updates to our compliance automation platform! The post Last Month’s Agenda: ISO 27001:2022 Updates, Add Quick Comments and Automate Your Audit Scope! appeared first ...