Application Security News and Articles


Data Analytics Can Change the Way You do Business, but it Must Be Secure

Data analytics has always been something of a black box. But thanks to powerful, cost-effective cloud platforms like Snowflake, and intuitive AI-powered software tools, the means to generate business insight is being democratized to more and more ...

Faster SOC2 access reviews, compliance SaaS and identity

Make it easy with Grip SOC 2 access reviews and stay audit-ready with continuous identity-SaaS discovery and visibility across the enterprise identity fabric. The post Faster SOC2 access reviews, compliance SaaS and identity appeared first on ...

Advancing Women in Cybersecurity – One CMO’s Journey

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. The post Advancing Women in Cybersecurity – One CMO’s Journey appeared first on SecurityWeek.

What is Configuration Drift?

In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, addresses whether it is necessary for already hardened systems to utilize file integrity monitoring ...

Announcing MelaPress Login Security 1.0.0

Today, we are super proud to announce the new and improved MelaPress Login Security (formerly WPassword). This release marks some important changes to our plugin lineup, as well as WP White Security, which we have been working on for the past few ...

5 Ways Cloud Native Guardrails Help Your Development Team Deliver

Traditional approaches to governance, such as Information Technology Infrastructure Library (ITIL) approaches that created a set of detailed practices for IT service and asset management, were overly restrictive and ultimately slowed development ...

The Week in Security: LastPass shares disturbing breach details, U.S. Marshals hit with ‘major’ hack

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: New details expose that ...

Critical Vulnerabilities Allowed Booking.com Account Takeover

Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account. The post Critical Vulnerabilities Allowed Booking.com Account Takeover appeared first on SecurityWeek.

Why You Can’t Afford to Ignore Prioritizing Vulnerabilities in the Cloud

In cloud environments, assets, resources, and permissions are constantly changing and being updated. As such, risks in cloud environments are dynamic and new security findings and alerts are identified and sent to cloud security teams via their ...

Our identity is deeply personal. Let’s protect it.

From online grocery shopping to online bill-pay to using streaming services, the line is blurred... The post Our identity is deeply personal. Let’s protect it. appeared first on Entrust Blog.

The Security Service Edge Journey

I cannot remember a time when IT evolved faster than it has over the last few years. There’s no better example than the rapid transformation that’s occurred over the course of the COVID-19 pandemic. Users, devices and data are everywhere, and ...

AppSec Decoded: Managing your open source risks

In this episode, we discuss the crucial elements to managing open source risks as highlighted in the 2023 OSSRA report. The post AppSec Decoded: Managing your open source risks appeared first on Security Boulevard.

Easing Log Collection with LogRhythm’s OC Admin

To get the most out of your security information and event management (SIEM) solution, it’s crucial to focus on log collection. After all, log collection is the first step in log management. But if you don’t have a straightforward user ...

Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month. The post Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.

No Programming Skills? Chatbots Will Help Inexperienced Hackers

One thing we’ve learned about ChatGPT and similar AI is that it makes people seem more skilled than they really are. Students are using AI chatbots to do their homework, and would-be comedians and screenwriters are using the technology to ...

Traveling with OAuth – Account Takeover on Booking.com

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, ...

Information of European Hotel Chain’s Customers Found on Unprotected Server

The personal information of many customers of European hotel chain Falkensteiner was discovered by a researcher on an unprotected server. The post Information of European Hotel Chain’s Customers Found on Unprotected Server appeared first on ...

White House Releases National Cybersecurity Strategy

The U.S. government released its widely anticipated National Cybersecurity Strategy on Tuesday. The post White House Releases National Cybersecurity Strategy appeared first on SecurityWeek.

Attackers increasingly using transfer.sh to host malicious code

For many years now, unsecured internet-facing Redis servers have been steadily getting co-opted by criminals to mine cryptocurrency, so the latest cryptojacking campaign spotted by Cado Labs researcher cannot be considered news. But one of its ...

Cisco Patches Critical Vulnerability in IP Phones

Cisco has released patches for a critical remote code execution vulnerability in certain IP phones. The post Cisco Patches Critical Vulnerability in IP Phones appeared first on SecurityWeek.