Application Security News and Articles


Top 10 Security, Operational Risks From Open Source Code

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS). The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.

Cisco to Acquire Valtix for Cloud Network Security Tech

Cisco announced plans to acquire Valtix, an early-stage Silicon Valley startup in the cloud network security business. The post Cisco to Acquire Valtix for Cloud Network Security Tech appeared first on SecurityWeek.

Understanding Security Maturity and the Risks That Come With It

Processes, procedures and industry best practices are all crucial to achieving a healthy cybersecurity maturity. Learn how your organization can improve its ranking. The post Understanding Security Maturity and the Risks That Come With It ...

OneNote: A Growing Threat for Malware Distribution

Attackers are increasingly using OneNote documents to distribute malware, due to the heightened security measures against macro-based attacks and the widespread adoption and popularity of the platform. Analyzing several related case studies, this ...

Metadata and Your Privacy

The importance of metadata to user privacy is simply underemphasized. Metadata can tell the whole story without ever reading the message contents; with files, metadata can reveal additional and potentially sensitive information in addition to ...

USENIX Security ’22 – Miles Dai, Riccardo Paccagnella, Miguel Gomez-Garcia, John McCalpin, Mengjia Yan – ‘Don’t Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Miles Dai, Riccardo Paccagnella, ...

Ransomware Attacks: Don’t Let Your Guard Down

History has shown that when it comes to ransomware, organizations cannot let their guards down. The post Ransomware Attacks: Don’t Let Your Guard Down appeared first on SecurityWeek.

Two Hacking Groups Seen Targeting Materials Sector in Asia

Two APTs, named Winnti and Clasiopa, have been observed targeting Asian organizations in the materials sector. The post Two Hacking Groups Seen Targeting Materials Sector in Asia appeared first on SecurityWeek.

Google Cloud Platform allows data exfiltration without a (forensic) trace

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data ...

Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial Gain

Executive summary: In May 2020, the EclecticIQ Intelligence and Research Team published a report (1) on phishing lures impersonating the maritime industry. This research offers new insights and an update on the topic. The key takeaways of this research ...

Strata Identity CEO Invited to Present Identity Management Breakthrough at The Montgomery Summit

Eric Olden to Present Overview of How Maverics Identity Orchestration Platform Breaks Vendor Lock-in and Unifies Incompatible Cloud Identity Systems BOULDER, Colo., March 1, 2023 – Strata Identity, the Identity Orchestration for multi-cloud ...

How to Secure a VM in a Cloud Computing Environment

Organizations worldwide store 60% of their data in the cloud. The popularity of cloud computing is undisputed in 2023 and is predicted to grow in future years. The main benefits of using cloud storage and computing services to run corporate ...

Top 10 Open Source Software Risks of 2023

Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it isn’t managed correctly. This problem has ...

Several Law Firms Targeted in Malware Attacks

In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. The post Several Law Firms Targeted in Malware Attacks appeared first on SecurityWeek.

Tesla Keeps Crossing Double-Yellow Causing Head-on Collision

Elon Musk infamously boasts he makes mistakes whenever and doesn’t respect the rules. This seems to be coming up repeatedly as bad news for his customers, let alone anyone around them, when their car acts like the CEO and crosses a double ...

White House Bans TikTok on Federal Devices

Federal agencies have 30 days to remove the popular Chinese social media app TikTok from federal government devices, according to a guidance memorandum issued by the White House. The memo, written by Office of Management and Budget director ...

4 Reasons Why Data Breaches Keep Happening to Organizations

Data breaches have become more frequent and destructive. Why are organizations repeatedly falling victim? It spans everything from common user habits to stolen device use. The post 4 Reasons Why Data Breaches Keep Happening to Organizations ...

US Officials Make Case for Renewing FISA Surveillance Powers

The Biden administration urged Congress to renew the Foreign Intelligence Surveillance Act (FISA), which the government sees as vital in countering overseas terrorism and cyberattacks. The post US Officials Make Case for Renewing FISA Surveillance ...

Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

Google this week made client-side encryption for Gmail and Calendar available for Workspace customers. The post Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar appeared first on SecurityWeek.

CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person. The post CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles appeared first on ...