Application Security News and Articles


‘Sophisticated’ Threat Actor Stole GoDaddy Code

Threat actors lingered in GoDaddy’s systems, installing malware and stealing source code in a security incident that lasted years. After receiving complaints from a few customers in December that their websites were being “intermittently ...

SANS Institute unveils new cybersecurity training for IT administrators

SANS Security Awareness, a division of the SANS Institute, launched its new short-form technical training modules, “Security Essentials for IT Administrators.” This series provides a comprehensive review of cybersecurity principles, ...

The CISO Perspective 2023-02-20 09:19:54

At one point, virtual private networks (VPNs) were a valuable tool for remote workers to access private networks and data centers. But with more and… The post The CISO Perspective 2023-02-20 09:19:54 appeared first on Security Boulevard.

Why Defense Contractors Need to Comply with DFARS Now

There are many reports that the effective date for the expected CMMC 2.0 rules will be delayed, perhaps to 2024. Should companies comply now with DoD’s cyber requirements? Yes – definitely. The core DoD requirements are ...

The Essential Guide to Securing Hybrid Workplace Environments

From here on out, hybrid and remote work are here to stay. Unfortunately, this seismic shift in the way we work has expanded the attack surface for opportunistic cybercriminals. Mimecast’s 2022 state of email security report (SOES) found that ...

New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits

Samsung’s Message Guard provides a sandbox designed to protect phones and tablets against zero-click exploits. The post New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits appeared first on SecurityWeek.

What is Zero Trust Network Access (ZTNA)? The Zero Trust model, Framework and Technologies Explained

Virtual Private Networks (VPNs) have been used for years to provide remote connectivity, but they have limitations in terms of scalability and security. A technology… The post What is Zero Trust Network Access (ZTNA)? The Zero Trust model, ...

Royal Mail Hung Tough in LockBit Ransom Negotiations

Negotiators for the Royal Mail apparently played hardball with LockBit over a ransom demand that the mail service said was too high, prompting the attackers to lower their ask and reset the ransom deadline. Insights into how ransoms are ...

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles ...

Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb

Fortinet releases 40 security advisories to inform customers about patches, including for critical code execution vulnerabilities in FortiNAC and FortiWeb. The post Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb ...

ChatGPT: Robert E. Lee Enslaved His Own Daughters

Here’s a question I often get asked: why didn’t Robert E. Lee allow his daughters to be free or marry? It’s a topic worth far more discussion, especially as America seems obsessed with putting up statues of the man as if to celebrate ...

Cybersecurity M&A Roundup for February 1-15, 2023

Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023. The post Cybersecurity M&A Roundup for February 1-15, 2023 appeared first on SecurityWeek.

JPC Mitigates Ransomware Risk with BlackFog

JPC uses BlackFog as its last line of defense to reduce ransomware risk for itself and all its customers. The post JPC Mitigates Ransomware Risk with BlackFog appeared first on Security Boulevard.

Tools Review: RetDec & Code-Dx

By: Muhammad Sahputra. Continue reading on ITSEC Asia — Research & Technology »

GoDaddy Says Recent Hack Part of Multi-Year Campaign

GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware. The post GoDaddy Says Recent Hack Part of Multi-Year Campaign appeared first on SecurityWeek.

Should You be Using Continuous Data Protection in Your Cybersecurity Defenses?

What are the key things businesses need to know about ransomware removal and recovery? The post Should You be Using Continuous Data Protection in Your Cybersecurity Defenses? appeared first on Security Boulevard.

How to protect yourself against identity theft this tax season

Filing your taxes is already a drag, but finding out that someone has already filed a fake tax return in your name and is trying to steal your refund? That just takes the cake. The post How to protect yourself against identity theft this tax ...

Twitter will start charging users for SMS-based 2FA option

Twitter has announced that starting with March 20, users who don’t pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication (2FA) option. “While historically a popular form of 2FA, ...

Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit ...

Cybersecurity takes a leap forward with AI tools and techniques

Scientists have taken a key step toward harnessing a form of artificial intelligence known as deep reinforcement learning, or DRL, to protect computer networks. Autonomous cyber defense framework: When faced with sophisticated cyberattacks in a ...