Application Security News and Articles


USENIX Security ’22 – David Cerdeira, José Martins, Nuno Santos, Sandro Pinto – ‘ReZone: Disarming TrustZone with TEE Privilege Reduction’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – David Cerdeira, José Martins, Nuno ...

Why Intelligence Teams Are Moving From In-House Virtual Machines to Flashpoint Managed Attribution

Intelligence teams are ditching self-hosted VM labs and turning to Flashpoint's Managed Attribution, a flexible and fully managed virtual environment that frees up security teams to focus on their core missions. With expertise from our ...

Podcast: Optimizing Cyber Threat Detection & Response

Mark Shriner, Secure Talk Podcast host, interviews Sanjay Raja, Gurucul VP of Product Marketing and... The post Podcast: Optimizing Cyber Threat Detection & Response appeared first on Gurucul.

Make Sure Your Company is Prepared for Evolving Liability Regulations

The post Make Sure Your Company is Prepared for Evolving Liability Regulations appeared first on Security Boulevard.

Amazing Fast Crypto for IoT — US NIST Fingers ASCON

Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on ...

Open-source repository malware sows Havoc

As part of the ReversingLabs research team's ongoing surveillance of open source repositories, we have identified aabquerys, a malicious npm package that downloads second and third stage malware payloads to systems that have downloaded and run ...

Automate your attack response with Azure DDoS Protection solution f...

We created the new Azure DDoS Protection solution for Microsoft Sentinel that helps organizations to protect their resources and applications better against these advanced attacks.

VulnCheck Raises $3.2M Seed Round for Threat Intel

Massachusetts startup VulnCheck has attracted $3.2 million in seed-stage funding from several prominent investors. The post VulnCheck Raises $3.2M Seed Round for Threat Intel appeared first on SecurityWeek.

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – ‘#228 – Front-End Test Cases’

via the respected Software Engineering expertise of Mikkel Noe-Nygaard as well as the lauded Software Engineering and Enterprise Agile Coaching talent of Luxshan Ratnarav at Comic Agilé! The post Comic Agilé – Mikkel ...

Randall Munroe’s XKCD ‘Coordinate Plane Closure’

via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post Randall Munroe’s XKCD ‘Coordinate Plane Closure’ appeared first on Security Boulevard.

Exposing TrickBot’s Bitzlato Cryptocurrency Exchange – An OSINT Analysis

Just came across this and I've decided to elaborate and offer actionable intelligence on the whereabouts of TrickBot's Bitzlato cryptocurrency exchange. Company name: Bitzlato Limited Company owner: Anatoly Legkodymov Company ...

From Security Analyst to Threat Hunter: How to Make the Leap and Track Down the Bad Guys

If you’re a security analyst looking to transition into a threat hunter role, you’re in the right place. Threat hunting is a proactive and exciting field that requires a deep understanding of cybersecurity principles, as well as strong ...

US, UK Slap Sanctions on Trickbot Cybercrime Gang

The US Treasury has frozen assets and announced travel bans against seven Russians accused of running the Trickbot ransomware operation. The post US, UK Slap Sanctions on Trickbot Cybercrime Gang appeared first on SecurityWeek.

“Permanently” Bricking Computers and Other Supply Chain Issues

One of my fears is the attacker who is motivated to destroy infrastructure rather than lay low, hide, and steal. Destroying a computer requires a moderate amount of skill compared to the complexities of persisting and ...

USENIX Security ’22 – Esmerald Aliaj, Ivan De Oliveira Nunes, Gene Tsudik – ‘GAROTA: Generalized Active Root-Of-Trust Architecture (for Tiny Embedded Devices)’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Esmerald Aliaj, Ivan De Oliveira ...

US Says Chinese Military Behind Vast Aerial Spy Program

China’s spy balloon that crossed the US could collect intelligence signals and was part of a multi-national, military-linked aerial spy program, the Biden administration said. The post US Says Chinese Military Behind Vast Aerial Spy Program ...

A Winning Trifecta: API Gateways, API Security and API Protection

From the early stages of the shift towards API-first development methodologies, API gateways have played a key role in helping organizations manage their growing API population. Acting as the focal point for API calls between the client and the ...

Six urgent application security challenges and how technologists can overcome them

Across all industries, technologists are worried that their organizations are becoming less secure. The shift to cloud native applications and architecture over the past two years has led to a dramatic expansion in attack surfaces, and at the ...

ChatGPT Will Democratize Cybercrime and Force Firms to Double Down on Data Security

Everyone’s talking about artificial intelligence (AI) today, thanks to one app taking the world by storm. ChatGPT reached 100 million global users in just two months – faster than any other consumer app in history, according to analysts. ...

What is Card Testing?

Card testing, also known as card checking, is a form of fraud where criminals try to determine if stolen credit card information is valid by making small purchases or attempting to authorize a transaction. The preferred method for card testers is ...