Application Security News and Articles
Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).
The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.
Cisco announced plans to acquire Valtix, an early-stage Silicon Valley startup in the cloud network security business.
The post Cisco to Acquire Valtix for Cloud Network Security Tech appeared first on SecurityWeek.
Processes, procedures and industry best practices are all crucial to achieving a healthy cybersecurity maturity. Learn how your organization can improve its ranking.
The post Understanding Security Maturity and the Risks That Come With It ...
Attackers are increasingly using OneNote documents to distribute malware, due to the heightened security measures against macro-based attacks and the widespread adoption and popularity of the platform. Analyzing several related case studies, this ...
The importance of metadata to user privacy is simply underemphasized.
Metadata can tell the whole story without ever reading the message contents; with files, metadata can reveal additional and potentially sensitive information in addition to ...
Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.
The post USENIX Security ’22 – Miles Dai, Riccardo Paccagnella, ...
History has shown that when it comes to ransomware, organizations cannot let their guards down.
The post Ransomware Attacks: Don’t Let Your Guard Down appeared first on SecurityWeek.
Two APTs, named Winnti and Clasiopa, have been observed targeting Asian organizations in the materials sector.
The post Two Hacking Groups Seen Targeting Materials Sector in Asia appeared first on SecurityWeek.
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data ...
Executive summary
In May 2020 EclecticIQ Intelligence and Research Team published a report (1) on phishing lures impersonating the maritime industry. This research offers new insights and an update on the topic. The key takeaways of this research ...
Eric Olden to Present Overview of How Maverics Identity Orchestration Platform Breaks Vendor Lock-in and Unifies Incompatible Cloud Identity Systems BOULDER, Colo., March 1, 2023 – Strata Identity, the Identity Orchestration for multi-cloud ...
Organizations worldwide store 60% of their data in the cloud. The popularity of cloud computing is undisputed in 2023 and is predicted to grow in future years. The main benefits of using cloud storage and computing services to run corporate ...
Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it isn’t managed correctly. This problem has ...
In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns.
The post Several Law Firms Targeted in Malware Attacks appeared first on SecurityWeek.
Elon Musk infamously boasts he makes mistakes whenever and doesn’t respect the rules. This seems to be coming up repeatedly as bad news for his customers, let alone anyone around them, when their car acts like the CEO and crosses a double ...
Federal agencies have 30 days to remove the popular Chinese social media app TikTok from federal government devices, according to a guidance memorandum issued by the White House. The memo, written by Office of Management and Budget director ...
Data breaches have become more frequent and destructive. Why are organizations repeatedly falling victim? It spans everything from common user habits to stolen device use.
The post 4 Reasons Why Data Breaches Keep Happening to Organizations ...
The Biden administration urged Congress to renew the Foreign Intelligence Surveillance Act (FISA), which the government sees as vital in countering overseas terrorism and cyberattacks.
The post US Officials Make Case for Renewing FISA Surveillance ...
Google this week made client-side encryption for Gmail and Calendar available for Workspace customers.
The post Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar appeared first on SecurityWeek.
In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.
The post CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles appeared first on ...