Application Security News and Articles


Reimagining zero trust for modern SaaS

The concept of zero trust – as a way to improve the security of and access to an organization’s network, systems, and data – has gained traction in recent years. The basic premise is that no user or device should be trusted by ...

Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers

In this episode host Tom Eston sits down with Kathleen Smith, Chief Outreach Officer at ClearedJobs.net, to discuss the current state of the job market in the cybersecurity industry. With a recent surge in layoffs, Kathleen provides advice for ...

As regulations skyrocket, is compliance even possible anymore?

Let’s face it, security teams are only as good as the next problem they face. But why is keeping up so difficult? New/evolving requirements, lengthy/confusing acronyms, and countless moving parts plague compliance regulations. In this Help Net ...

Can we predict cyber attacks? Bfore.AI says they can

Recently, at Cybertech Tel Aviv 2023, I met with Luigi Lenguito, CEO at Bfore.AI, who introduced me to their technology. In this Help Net Security interview, Lenguito talks about threat prevention challenges and how his company can predict cyber ...

Cybercriminals exploit fear and urgency to trick consumers

Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and ...

Integreon CyberHawk-AI identifies patterns of frequently compromised information

Integreon has unveiled the development of CyberHawk-AI, an advanced automated technology that utilizes artificial intelligence (AI) to streamline the process of extracting and analyzing sensitive data following cyber breaches. This technology ...

Are Tesla Sudden Unintended Acceleration Deaths a Repeat of 1980s Audi 5000 Defects?

The National Highway Traffic Safety Administration (NHTSA) in 1989 issued its bold final report on the Audi 5000 “sudden unintended acceleration problem.” The NHTSA fully exonerated the German car maker by asserting pedals placed closer ...

USENIX Security ’22 – Rawane Issa, Nicolas Alhaddad, and Mayank Varia – ‘Hecate: Abuse Reporting in Secure Messengers with Sealed Sender’

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.

Microsoft Security’s chief strategy officer joining Apiiro as new CPO

Moti Gindi, former CVP of security products at Microsoft, joins the Israeli cloud application security platform

Quantum Computers: What Is Q-Day? And What’s the Solution?

Quantum computers hold the promise of amazing advances in numerous fields. So why are cybersecurity experts so worried about Q-Day? What must be done now to prepare?

Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: While governments pass privacy laws, companies struggle to change In this Help Net Security interview, Bill Tolson, VP of Compliance and ...

Octopus Strike! Three Argo CD API Exploits In Two Weeks

Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive ...

USENIX Security ’22 – Shubham Jain, Ana-Maria Crețu, Yves-Alexandre de Montjoye – ‘Adversarial Detection Avoidance Attacks: Evaluating The Robustness Of Perceptual Hashing-Based Client-Side Scanning’

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel.

US Blacklists 6 Chinese Entities Over Balloon Program

The United States blacklisted six Chinese entities it said were linked to Beijing's aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed the country's airspace.

CyberData Pros and Ketch help companies build modern privacy programs

CyberData Pros has partnered with Ketch to provide data security and compliance services for clients worldwide. CyberData Pros specializes in data security, compliance, consulting, and due diligence, allowing their analysts to provide ...

VMware ESXi OpenSLP Heap-Overflow Vulnerability (CVE-2021-21974)

What is the VMware ESXi OpenSLP heap-overflow vulnerability (CVE-2021-21974)? A new heap-overflow vulnerability (CVE-2021-21974) has been discovered in VMware’s ESXi’s OpenSLP service. This vulnerability allows attackers to execute arbitrary ...

Sleeping Tesla Driver Crashes Into Parked Truck

The driver of the Tesla was found on the ground, unable to function properly. Police described him as trying to sleep, after being told he was still very “tired”. That makes it a slightly different case than just DUI. All signs so far point ...

3 Steps to Protect AD from Wiperware

We’re barely a month into the new year, but wiperware is back in the news. DevPro Journal notes a “drastic increase” starting last year, likely driven by geopolitical conflict. What is wiperware—and how can you protect your organization? ...

Ask these 3 questions when looking for an API security solution

Gaining visibility into the API landscape and how it is utilized is an organizational priority for 2023. To do so effectively requires embedding security of APIs into the development lifecycle. However, this is not always a seamless or efficient ...