Application Security News and Articles


Threat Actors: The Definitive 2023 Guide to Cybercriminals

In a digital world, companies collect more data and more types of data than ever before. As people use more technology, they generate new types of sensitive data. While data protection laws and compliance frameworks often detail categories of ...

UnFAIR: The Limitations of FAIR’s Risk Model

This is blog 2 of 3 in our FAIR model series. The limitations of FAIR’s data collection process are discussed in part 1 of this blog series. Building a lego design and quantifying cyber risk have essential characteristics in common. To ...

FireMon Cloud Defense Introduces Free Enterprise-Scale CSPM

FireMon is incredibly excited to introduce the industry’s first completely free unlimited CSPM for any size cloud deployments. A curated subset of features from our Cloud Defense platform designed to help cloud customers identify and manage ...

Ranking Cyber Risks to Healthcare Companies with Risk Quantification

It’s high stakes in the cyber risk landscape for healthcare providers, payers, medical device makers, third-party vendors, and the rest of a complex ecosystem where cyber events have real-world consequences in cancelled surgeries, disrupted ...

CISA Warns of Active Exploitation of ZK Java Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-36537, a high-severity flaw impacting the ZK Framework, to its “Known Exploited Vulnerabilities (KEV)” catalog based on evidence of active exploitation. What ...

Attackers Don’t Hack, They Log In.

Lessons from the LastPass Breach. Below we’ll detail the latest LastPass incident, discuss the implications of this attack, and finally recommend how organizations can protect their critical cloud assets. What Happened ...

USENIX Security ’22 – Umar Iqbal, Charlie Wolfe, Charles Nguyen, Steven Englehardt, Zubair Shafiq – ‘Khaleesi: Breaker Of Advertising And Tracking Request Chains’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Umar Iqbal, Charlie Wolfe, Charles ...

Acunetix releases a security check for Fortinet RCE flaw

This Acunetix release introduces a new security check for the Fortinet RCE flaw (CVE-2022-39952). The FortiNAC, a network security solution, was discovered to have a vulnerability with a high CVSS score of 9.8, known as CVE-2022-39952. Fortinet ...

Supply Chain Security: What You Need to Know – Part 3: Integrity from Core to Cloud

In this series, we have been taking a long look at the risks and challenges that modern supply chains pose to enterprises as well as the suppliers and OEMs who make up the supply chain. Part 1 covered the fundamentals of supply chain security ...

Which Type of API is Best: Key Features of REST, gRPC, and GraphQL APIs

In this post, we’ll discuss the key features of REST, gRPC, and GraphQL APIs and which projects each API type is best for. The post Which Type of API is Best: Key Features of REST, gRPC, and GraphQL APIs appeared first on Security Boulevard.

The SEG Conundrum. What’s Right for My Organization?

Secure Email Gateways (SEGs) have been around for a while and began as a powerful solution used to stop malicious emails from arriving in users’ mailboxes. The early SEGs were designed to scan incoming and outgoing email messages for viruses, ...

Hacking for Profit: Why the Healthcare Industry is Under Attack

We look at the motivations behind cybercriminals targeting healthcare organizations and what you can do to protect your organization. The post Hacking for Profit: Why the Healthcare Industry is Under Attack appeared first on Axio. The ...

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 420’

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 420’ ...

White House Announces New National Cybersecurity Strategy: What Does This Mean for Critical Infrastructure?

On March 2, 2023, the Biden-Harris Administration announced its new National Cybersecurity Strategy, a comprehensive approach to safeguarding the United States’ critical digital infrastructure. The strategy has been shaped by major cyber ...

Tomorrow’s Security Teams Need a Female Talent Pipeline

I’ve worked in various roles within law enforcement and security, from positions in the U.S. Secret Service to campus public safety at a large urban university, to private sector security consulting. And while there have been significant ...

PCI DSS Audit: How to Prepare for Your Audit

Discover whether or not your organization needs to conduct a PCI DSS audit and how you should prepare for it. The post PCI DSS Audit: How to Prepare for Your Audit appeared first on Scytale. ...

Threat Spotlight: Dark Web Supply Chain

Executive Overview Stealer logs are a threat for every company. Threat actors infect devices with stealer malware, exfiltrate the browser fingerprints & saved logins in the browser, and sell them on dedicated dark web marketplaces for less ...

The Dark Side of Microservices: Are Your Applications Secure?

Microservices, which break down applications into smaller, independent services, offer numerous benefits, and using Kubernetes as the go-to for orchestration has only made them more popular. The post The Dark Side of Microservices: Are Your ...

USENIX Security ’22 – Dino Bollinger, Karel Kubicek, Carlos Cotrini, and David Basin – ‘Automating Cookie Consent And GDPR Violation Detection’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Dino Bollinger, Karel Kubicek, Carlos ...

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems. The post BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems appeared first on SecurityWeek.