Application Security News and Articles


Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks. The post Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild appeared first on SecurityWeek.

DevSecOps Top of Mind in Aerospace and Defense Industries

A recent survey released by Lynx Software Technologies reveals widespread adoption of DevSecOps practices across the mission-critical aerospace and avionics industries, particularly those related to government and defense. This high rate of ...

January Cyber Roundup

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post January Cyber Roundup appeared first on Security Boulevard.

ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric

Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories. The post ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric ...

Fast Facts: How to Find and Fix the Log4j Vulnerability in Under 2 Minutes

Many organizations still need to find the Log4j vulnerability in their environment and address the risk. The news about Log4Shell, the vulnerability impacting the Apache Log4j software library, first burst onto the scene and became a headache for ...

Oligo Security Exits Stealth with $28M for AppSec, Open Source Security

Israeli startup Oligo Security raises $28 million to build technology to detect and mitigate open source code vulnerabilities. The post Oligo Security Exits Stealth with $28M for AppSec, Open Source Security appeared first on SecurityWeek.

Does Poor Cybersecurity Affect Healthcare?

The healthcare sector was ranked in the top 3 verticals targeted by cybercriminals last year. Why are healthcare organizations, big and small, such attractive targets for ransomware gangs? The post Does Poor Cybersecurity Affect Healthcare? ...

Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps

Citrix released patches for multiple vulnerabilities in Virtual Apps and Desktops, and Workspace apps for Windows and Linux. The post Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps appeared first on SecurityWeek.

SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities

SAP has released 21 notes on February 2023 Security Patch Day, including three notes addressing high-severity vulnerabilities in SAP Start Service and BusinessObjects. The post SAP’s February 2023 Security Updates Patch High-Severity ...

Great People, Solving Real Pain – Who Could Say No?

I’m so excited to share that I have joined Salt Security to head up the amazing engineering team here. Over the years, I’ve had the fun of doing lots of different things – creating software and managing people in many industries and ...

ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage

Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge. The post ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage appeared first ...

Product Update: Driving License Verification API

Introducing the Driving License Verification API. It is common in India to ask for a driving licence as proof of identification, be it for renting a house or giving away a bride; it is the longest-standing ID for Indians after Voter’s ID. By ...

Six IT Talking Points: Briefing your CEO on DoD compliance

As the head of IT, your job to keep your organization’s networks up and running and secure is a challenge in any environment—and even more so when you’re doing work for the Department of Defense (DoD). The aim of this blog is to help guide ...

SHARED INTEL: The expected impacts of Pres. Biden’s imminent National Cybersecurity Strategy

The United States will soon get some long-awaited cybersecurity updates. That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published ...

Spoiler: It’s not the IRS calling

Have you ever gotten a call from the IRS? If you have, then you might be one of the thousands of people losing millions of dollars every year to IRS scam calls. These fraudulent calls, which claim to be from the Internal Revenue Service (IRS), ...

Russian Businessman Guilty in Hacking, Insider Trade Scheme

Vladislav Klyushin was found guilty on all charges against him, including wire fraud and securities fraud, after a two-week trial in federal court in Boston. The post Russian Businessman Guilty in Hacking, Insider Trade Scheme appeared first on ...

Attack surface management (ASM) is not limited to the surface

Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best ...

Introducing the book – Threats: What Every Engineer Should Learn From Star Wars

Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”. ...

Combining identity and security strategies to mitigate risks

Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the ...

The risks and benefits of starting a vCISO practice

There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and ...