Application Security News and Articles


Public Cloud Adoption is Accelerating in the MENA Region

PeoplActive is an ISO 27001:2013 certified leading tech hiring platform. With its exclusive network of 4000+ Silicon Valley-caliber tech talent specialized in 100+ in-demand IT skills, it has been pretty easy for businesses to hire ...

Foiling intellectual property theft in a digital-first world

In today’s data-driven world, the expectations and demands faced by many organizations worldwide are reaching unseen levels. To meet the challenge, a data-driven approach is necessary, with effective digital transformation needed to improve ...

Stay one step ahead: Cybersecurity best practices to prevent breaches

In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches. ...

Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program

Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling ...

Wiper malware goes global, destructive attacks surge

The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all ...

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage ...

Attacker floods PyPI with 450+ malicious packages that drop Windows trojan via Dropbox

Sonatype has been tracking an open source malware campaign developing over the weekend in which a threat actor is infiltrating the PyPI software registry with hundreds of malicious packages. These packages are being rapidly removed by the PyPI ...

Third-party risks overwhelm traditional ERM setups

Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner. ERM struggles to elevate the right issues: in a Gartner survey of 100 ...

Contrast Security adds Microsoft Azure Functions support to evaluate serverless risks

Contrast Security expands Contrast Serverless Application Security offering to support Microsoft Azure Functions and enable customers to scan for security vulnerabilities on multi-cloud environments. Organizations are rapidly adopting serverless ...

Tesla Racing Instructor Warns Sudden Acceleration A Design Flaw: NOT Driver Fault

As I suggested a couple weeks ago, Tesla sudden acceleration has hallmarks of 1980s design flaws. Now a Tesla Racing Instructor is trying to tell the world it happened even to him. …nothing hits home as something like this happens to a Tesla ...

USENIX Security ’22 – Kevin Burk, Fabio Pagani, Christopher Kruegel, Giovanni Vigna – ‘Decomperson: How Humans Decompile And What We Can Learn From It’

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. ...

The Third Line of Defense: Auditors Must Embrace Compliance Technology in a Changing World

In recent years, the compliance burden has increased, and organizations that breach the rules have come under intensified scrutiny. As a result, the role of compliance teams and their influence within the business have grown as well. Many ...

One Year Later: Cyber Battles Still Rage in Ukraine

This past week was dominated with stories surrounding the one-year mark of Russia’s invasion into Ukraine. What have we learned on the global cybersecurity front in that time? ...

Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Protected Computing: Ensuring privacy and safety of data regardless of location. In this Help Net Security interview, Royal Hansen, VP of ...

Implementing Data Diode Pattern on AWS for Data Loss Prevention (DLP) and Zero Trust Access Control

Author: Matt Venne, Solutions Director, stackArmor, Inc. One of the biggest challenges that cloud architects and security professionals have is protecting “sensitive” data. This challenge is multiplied when that sensitive data must move ...

How to prepare for initial FedRAMP ATO kickoff and Agency briefing?

Federal and Defense Agencies are increasingly buying commercial cloud services to meet their mission requirements. Commercial cloud solution providers must obtain FedRAMP authorization prior to offering their services to agencies. The FedRAMP ...

Increasing Evidence Tesla Drivers Burn to Death While Unable to Open Any Door

I’ve noticed a string of Tesla reports saying basically the same thing. Drivers who survive a Tesla crashing succumb to smoke and fire in a confusing escape puzzle — they’re killed by design, a planned death-trap, not the impact. First, ...

From CVE-2022-33679 to Unauthenticated Kerberoasting

On September 13, 2022, a new Kerberos vulnerability was published on the Microsoft Security Response Center’s security site. It’s labeled as a Windows Kerberos Elevation of Privilege vulnerability and given the CVE ID CVE-2022-33679. The ...

USENIX Security ’22 – ‘Characterizing The Security Of Github CI Workflows’

Complete Title: USENIX Security ’22 – Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, Aravind Machiry – ‘Characterizing The Security Of Github CI Workflows’. Our thanks to ...

USENIX Security ’22 – Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, Davide Balzarotti – ‘RE-Mind: a First Look Inside the Mind of a Reverse Engineer’

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. ...