Application Security News and Articles


USENIX Security ’22 – Katharina Kohls, Claudia Diaz – ‘VerLoc: Verifiable Localization in Decentralized Systems’

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Katharina Kohls, Claudia Diaz – ...

Trust But Verify – Part 2

What if I told you you could install a new cybersecurity habit this week? What if I told you this habit was borrowed from a prominent political leader? This one is former US President Ronald Reagan. And his ...

Virginia municipality discovers a dangerous backdoor.

Challenge: With attacks on municipalities on the rise, a midsized county in Virginia knew it needed to improve its cybersecurity posture. The problem was they were not sure where to begin. So they enlisted our services to help them determine ...

What is a Slowloris DDoS attack? 

Slowloris is a type of DDoS attack wherein the attacker seeks to overwhelm the targeted servers and cause downtime by continuously sending HTTP connections to the server. The post What is a Slowloris DDoS attack? appeared first on ...

IBM Security Finds Ransomware Attacks Take Less Than Four Days

IBM Security today published a report that found ransomware attacks, on average, can now be launched and completed in less than four days, down from two months previously. On the plus side, however, the IBM X-Force Threat Intelligence Index ...

The Power of Data Security: How Our New Sales & Alliances Leader Found Alignment with Eureka’s Mission | Eureka Security

Our new SVP of Worldwide Sales and Alliances is on a journey to help secure your company’s critical cloud data. Learn more about Stan Ross and his alignment with our mission. | Eureka Security The post The Power of Data Security: How Our ...

Business Email Compromise (BEC) Attacks Persist 

Email security is often overlooked on a macro level, even as business email compromise (BEC) attacks continue to pose a critical threat to business operations. Reports from Abnormal Security and At-Bay revealed the extent of the ...

Netography Launches Network Visibility and Operational Governance for Social Media Policies

Threat analysts can now quickly see and analyze social media network usage across the Atomized Network with Netography Fusion® The post Netography Launches Network Visibility and Operational Governance for Social Media Policies appeared first ...

R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor

Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. The post R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor appeared first on SecurityWeek.

SMiShing Testing and Policy: Update it Today!

For years, we have known about phishing as an effective vector into corporate networks. Malicious actors use phishing to obtain […] The post SMiShing Testing and Policy: Update it Today! appeared first on Security Boulevard.

How Chatbots Will Change Phishing Attacks

It was only a matter of time until threat actors turned to chatbots like ChatGPT to create phishing attacks. In fact, while it has only been a couple of months since the world was first captivated by the power of ChatGPT, the bad guys were ...

Metomic Lands $20 Series A for Data Security Platform

Evolution Equity Partners leads a new venture capital raise by the early-stage British data security startup. The post Metomic Lands $20 Series A for Data Security Platform appeared first on SecurityWeek.

Balance Data Retention vs Data Protection with Quantitative Risk Analysis

Data is the “oil” of the digital age, the saying goes, but it’s also a cyber risk, a target for data breach as well as regulatory fines for privacy violations. Data retention policy vs. data protection – what’s the right balance at your ...

A Device to Turn Traffic Lights Green

Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the ...

VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)

VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Even though the flaw has been privately reported ...

Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech

Glilot Capital Partners leads a seed-round of funding for Entitle, an Israeli startup tackling entitlement sprawl in the enterprise. The post Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech appeared first on SecurityWeek.

Passwords End with Passkeys 

The death of passwords has been declared continuously by the security community but now it might stick with the introduction of passkeys. In this blog, we will provide an overview of the evolution of password security, contrasting it with more ...

CISA Warns of Two Mitel Vulnerabilities Exploited in Wild

CISA has added two Mitel MiVoice Connect vulnerabilities to its known exploited vulnerabilities catalog and instructed federal agencies to patch them within three weeks. The post CISA Warns of Two Mitel Vulnerabilities Exploited in Wild appeared ...

Prioritize Cyber Risk With Business Impact Analysis

As an industry, cybersecurity companies often talk about risk. However, we rarely take the time to explain what risk is or how it impacts organizations. It’s important to understand that risk is measured based on the negative impact it can have ...

Cyber Security DE:CODED – Full attack chain testing

“Because we test realistically, sometimes bad guys come onto our test network and mess with us” Show notes for series 2, episode 9 (final episode of series 2) What is the attack chain? Why is it good to test using full attack chains? And what ...