Application Security News and Articles
In a digital world, companies collect more data and more types of data than ever before. As people use more technology, they generate new types of sensitive data. While data protection laws and compliance frameworks often detail categories of ...
This is blog 2 of 3 in our FAIR model series. The limitations of FAIR’s data collection process are discussed in part 1 of this blog series. Building a lego design and quantifying cyber risk have essential characteristics in common. To ...
FireMon is incredibly excited to introduce the industry’s first completely free unlimited CSPM for any size cloud deployments. A curated subset of features from our Cloud Defense platform designed to help cloud customers identify and manage ...
It’s high stakes in the cyber risk landscape for healthcare providers, payers, medical device makers, third-party vendors, and the rest of a complex ecosystem where cyber events have real-world consequences in cancelled surgeries, disrupted ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-36537, a high-severity flaw impacting the ZK Framework, to its “Known Exploited Vulnerabilities (KEV)” catalog based on evidence of active exploitation. What ...
Lessons from the LastPass Breach: Below we’ll detail the latest LastPass incident, discuss the implications of this attack, and finally recommend how organizations can protect their critical cloud assets. What Happened ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Umar Iqbal, Charlie Wolfe, Charles ...
This Acunetix release introduces a new security check for the Fortinet RCE flaw (CVE-2022-39952). The FortiNAC, a network security solution, was discovered to have a vulnerability with a high CVSS score of 9.8, known as CVE-2022-39952. Fortinet ...
In this series, we have been taking a long look at the risks and challenges that modern supply chains pose to enterprises as well as the suppliers and OEMs who make up the supply chain. Part 1 covered the fundamentals of supply chain security ...
In this post, we’ll discuss the key features of REST, gRPC, and GraphQL APIs and which projects each API type is best for.
The post Which Type of API is Best: Key Features of REST, gRPC, and GraphQL APIs appeared first on Security Boulevard.
Secure Email Gateways (SEGs) have been around for a while and began as a powerful solution used to stop malicious emails from arriving in users’ mailboxes. The early SEGs were designed to scan incoming and outgoing email messages for viruses, ...
We look at the motivations behind cybercriminals targeting healthcare organizations and what you can do to protect your organization.
The post Hacking for Profit: Why the Healthcare Industry is Under Attack appeared first on Axio.
via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic
The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 420’ ...
On March 2, 2023, the Biden-Harris Administration announced its new National Cybersecurity Strategy, a comprehensive approach to safeguarding the United States’ critical digital infrastructure. The strategy has been shaped by major cyber ...
I’ve worked in various roles within law enforcement and security, from positions in the U.S. Secret Service to campus public safety at a large urban university, to private sector security consulting. And while there have been significant ...
Discover whether or not your organization needs to conduct a PCI DSS audit and how you should prepare for it.
The post PCI DSS Audit: How to Prepare for Your Audit appeared first on Scytale.
Executive Overview: Stealer logs are a threat for every company. Threat actors infect devices with stealer malware, exfiltrate the browser fingerprints & saved logins in the browser, and sell them on dedicated dark web marketplaces for less ...
Microservices, which break down applications into smaller, independent services, offer numerous benefits, and using Kubernetes as the go-to for orchestration has only made them more popular.
The post The Dark Side of Microservices: Are Your ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Dino Bollinger, Karel Kubicek, Carlos ...
ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems.
The post BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems appeared first on SecurityWeek.