Application Security News and Articles


Cyber Observations from a CISO Village Elder

“By thinking in a more sophisticated, analytical way about what constitutes good behavior and anomalous behavior, you get a much higher fidelity of alerts.” The post Cyber Observations from a CISO Village Elder appeared first on ...

Preventing corporate data breaches starts with remembering that leaks have real victims

When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be ...

HR’s Growing Role in Cybersecurity

Companies worried about cybersecurity should know that the real risk is inside their corporate firewall. Corporate leaders spend a lot of time worrying about nation-state actors and ransomware gangs, but in Gartner Predicts 2023: Cybersecurity ...

Vulnerability in DJI drones may reveal pilot’s location

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that ...

China-aligned APT is exploring new technology stacks for malicious tools

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. ...

Palo Alto Networks enhances cybersecurity capabilities with AI-powered ITDR module

Palo Alto Networks released new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy AI technology to detect identity-driven attacks within seconds. The ...

Advanced Persistent Threat Groups Behind DDoS Attacks on Danish Hospitals

On Sunday 26 February the websites of several Danish hospitals were taken offline after being hit by Distributed Denial of Service (DDoS) attacks claimed by a group calling themselves ‘Anonymous Sudan’. According to reports on Twitter patient ...

F5 and Visa join forces to enhance security throughout the customer experience

F5 and Visa join forces to enable merchants to securely reduce login friction for their customers. Customers expect seamless commerce experiences and transactions to be secure. Yet, in today’s digital-first world, customers are under threat ...

Marriott Hosts “I love Hitler” Rally in Washington DC

Marriott has a long and sordid history of promoting hate groups by giving them a platform. 2023 is turning out to be not that different. Fuentes capped off his [Nazi petition to eradicate satanism, feminism, liberalism, and Judaism] by saying it ...

Shared Responsibility Model: What It Means for Cloud Security

The shared responsibility model is a cloud security framework that defines how responsibilities are divided between cloud service providers and users. The post Shared Responsibility Model: What It Means for Cloud Security appeared first on ...

Resecurity appoints Akash Rosen to lead digital forensics practice

Resecurity accelerates Digital Forensics & Incident Response Services portfolio with the newly appointed industry professional, Akash Rosen. Akash Rosen is a recognized digital forensics expert and investigator. He assisted international law ...

NetSPI hires Vinay Anand as CPO and Jay Golonka as CFO

NetSPI announced two C-Suite leadership appointments, Chief Product Officer (CPO) Vinay Anand and Chief Financial Officer (CFO) Jay Golonka. They bring decades of experience supporting high-growth technology companies and will be instrumental in ...

#LifeAtLogRhythm Spotlight – Diversity, Equity, and Inclusion (DEI) Collective

It’s time for round two of our blog posts highlighting #LifeAtLogRhythm! This month, we are spotlighting a group of passionate explorers who joined forces to enrich LogRhythm’s culture. As this series continues, you’ll hear from different ...

Your Guide to Secure Code Signing: Four Steps to Get Started

Without code signing – or checks within the software download to confirm code signatures – users can open themselves up to serious risk by downloading software from a malicious source. The post Your Guide to Secure Code Signing: Four Steps to ...

Announcing CodeSentry 4.2 with New Editions and Component Search

GrammaTech’s leading binary Software Composition Technology (SCA) solution, CodeSentry, provides valuable insights to open-source software (OSS) components within your software without requiring access to source code. There are countless use ...

New Report “State of Cloud Threat Detection and Response”

One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and ...

Private Malware for Sale: A Closer Look at AresLoader

In December 2022, a private loader named "AresLoader" was advertised for sale on the top-tier Russian-language hacking forum XSS by a threat actor going by the name "DarkBLUP". The post Private Malware for Sale: A Closer Look at AresLoader ...

Building smarter DevSecOps with Intelligent Orchestration

Intelligent Orchestration takes the complexity out of DevSecOps by delivering the right tests, at the right time, to the right people. The post Building smarter DevSecOps with Intelligent Orchestration appeared first on Security Boulevard.

USENIX Security ’22 – Fangming Gu, Qingli Guo, Lian Li, Zhiniang Peng, Wei Lin, Xiaobo Yang, Xiaorui Gong – ‘COMRace: Detecting Data Race Vulnerabilities in COM Objects’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Fangming Gu, Qingli Guo, Lian Li, ...

Preparing for the Soon to be Updated OWASP API Security Top 10

The Open Web Application Security Project (OWASP) is a global non-profit organization dedicated to improving the security of software. The OWASP foundation first released a list of the top 10 security risks faced by APIs in 2019. This year, ...