Application Security News and Articles


Cyber Bank Heists report | Code Patrol podcast | Contrast Security

Twenty-four years ago, the World Bank was connecting all the central banks of the world to the internet, so as to improve liquidity and to wire up electronic finance. The post Cyber Bank Heists report | Code Patrol podcast | Contrast Security ...

Offensive Cybersecurity: The Definitive Guide

When considering how to thwart threat actors and protect IT assets against cyber attacks, many organizations take an inherently defensive approach. Locking down systems and assets with protective tools and procedures like firewalls, employee ...

Your Mental Health Data for Sale or Rent — 20¢

U.S. GDPR ASAP: Data brokers are selling PII about mental health conditions—depression, anxiety, bipolar disorder, PTSD, OCD, etc. The post Your Mental Health Data for Sale or Rent — 20¢ appeared first on Security Boulevard.

What Boards Need to Know About GRC and Atomized Networks

The SEC is proposing new regulations for cybersecurity GRC. This is forcing CEOs and board members to assess and understand how, in the Atomized Network, coverage and compliance are difficult to achieve. The post What Boards Need to Know About ...

Daniel Stori’s ‘unzip’

via Daniel Stori’s comical masterpieces of satirical art at turnoff.us! The post Daniel Stori’s ‘unzip’ appeared first on Security Boulevard.

5 Romance Fraud Schemes Made Possible by Account Generation Bots

This Valentine’s Day, bot operators don’t have love on the brain, just money on their mind (yes, a cheesy, but timely Rihanna reference). Romance Fraud schemes have plagued dating platforms since their inception, but losses reported by the ...

4 Types of Threat Intelligence

In a data-driven world, information means empowerment. Security professionals often worry that threat actors may find exposure that could lead to a data breach. Whether from chatting on dark web forums or purchasing stolen credentials, malicious ...

ChatGPT in Cybersecurity: Benefits and Risks

When OpenAI launched ChatGPT on Nov. 30, 2022, the rapid growth of AI’s potency became quickly evident to millions of people. The hype about ChatGPT has far eclipsed other watershed AI breakthroughs, such as when AlphaZero acquired chess ...

Adobe Plugs Critical Security Holes in Illustrator, After Effects Software

Patch Tuesday: Adobe ships security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The post Adobe Plugs Critical Security Holes in Illustrator, After Effects Software appeared ...

RedLine Stealer Malware: The Complete Guide

While phishing attacks and malicious website links often lead to ransomware attacks, many deliver other types of malware. Over the last few years, attackers have increasingly relied on infostealer malware variants to obtain employee credentials. ...

Exploiting embedded APIs by dumping firmware

Hack the hardware to find the firmware and swipe the source code of APIs under security testing. The post Exploiting embedded APIs by dumping firmware appeared first on Dana Epp's Blog.

USENIX Security ’22 – Viet Tung Hoang, Cong Wu, Xin Yuan – ‘Faster Yet Safer: Logging System Via Fixed-Key Blockcipher’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Viet Tung Hoang, Cong Wu, Xin Yuan ...

NOC vs. SOC: Understanding the Differences

Network Operations Centers (NOC) and Security Operations Centers (SOC) are major buzzwords in the IT world, and for a good ... The post NOC vs. SOC: Understanding the Differences appeared first on Kaseya.

GitHub Data Leaks: Detection & Prevention Guide

In a modern digital world, almost every company is a software development company. Your company may develop apps that provide digital customer experiences or build software that enables employee productivity. Developers use GitHub to collaborate ...

Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million

Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million. The post Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million appeared first on SecurityWeek.

The CIA Triad – Defining Integrity

SANS and the CIA Triad: Not to be confused with the Central Intelligence Agency, the CIA Triad references basic security principles from the early ’90s specific to Confidentiality, Integrity, and Availability. These three pillars stand as ...

The SCA tools landscape and what it means to software supply chain security

To identify and remediate vulnerabilities and threats in their software supply chain, enterprises are beginning to adopt software composition analysis (SCA) tools, which enable security teams to visualize their attack surface, identify risks, and ...

Software composition analysis: The evolution of application security

Cybersecurity is decades-old, but emerging threats targeting the software supply chain have caused a massive shift in practices to create new and improved tools that address these rapidly growing problems. While dating back several decades, ...

SCA is good, but application security needs to evolve to tackle supply chain security

Software Composition Analysis (SCA) tools have become a must-have for software engineering and application security teams, largely because of the increased use of open-source and third-party software. Open-source software (OSS) use in ...

2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged

Dragos ICS/OT Cybersecurity Year in Review 2022 report covers state-sponsored attacks, ransomware, and vulnerabilities. The post 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged appeared first on SecurityWeek.