Application Security News and Articles


ASM: The Best Defense is a Good Offense

About 10 years ago, security was relatively simple because everything occurred on premises. Change releases were tightly controlled by a change ticket and review process. In contrast, current networks consist of auto-scaling containers that run ...

Cybersecurity Posture Assessment: What Is It & How to Conduct One

If a sophisticated hacker targeted your organization tomorrow, how prepared are you to prevent, detect, or recover from that breach? Without a solid understanding of your current cybersecurity systems, weaknesses, and maturity level, you will ...

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: CISA’s newest office is ...

Google Describes Privacy, Security Improvements in Android 14

Google has released the first Android 14 developer preview and has announced some of the security improvements the platform update will include. The post Google Describes Privacy, Security Improvements in Android 14 appeared first on SecurityWeek.

Introducing the DataDome Real-Time Threat Dashboard

DataDome's new real-time threat dashboard displays global attacks on your endpoints as they're happening, helping you understand how bad bot traffic affects your business. The post Introducing the DataDome Real-Time Threat Dashboard appeared ...

Gamifying Security

Gamification is a powerful thing. Applying elements of gaming—like rules, score-keeping and friendly competition—to other activities is a solid strategy for boosting engagement and motivation. Take Pokemon Go, for example, which inadvertently ...

Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents

Multiple XSS vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents. The post Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents appeared first on SecurityWeek.

Android’s February 2023 Updates Patch 40 Vulnerabilities

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs. The post Android’s February 2023 Updates Patch 40 Vulnerabilities appeared first on SecurityWeek.

Avast Threat Labs Q4 2022 Threat Report | Avast

The Avast Threat Labs Q4 2022 Threat Report observed a rise in social engineering attacks during the final quarter of 2022, including invoice and refund fraud, tech support scams, and others aimed at stealing money. Cybercriminals continued to ...

Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany

Russia-linked, financially motivated threat actor TA866 is targeting companies with custom malware, including a screenlogger, a bot, and an information stealer. The post Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany ...

Super Bowl Cybersecurity: Safeguarding Your Viral Moment

The Super Bowl–where football legends rise, and brands test their grit. A showcase of the fiercest competition and advertising muscle. We tune in for the NFL’s top talent and brands’ blockbuster ads, but what goes on behind the scenes? ...

2023: Complexity Reigns in Cybersecurity as Existing Threats Adapt and New Technologies Emerge

Last December, the team looked at various topics related to the field of cyber and information security. One thing is for certain: cybersecurity is not monolithic—there are so many facets of cybersecurity, each with its own challenges and ...

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time. The post Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras appeared first on SecurityWeek.

NIST chooses encryption algorithms for lightweight IoT devices

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to secure the data generated by Internet of Things (IoT) devices: ...

5 Key Benefits of ISO 27001 Certification

Here are a few of the key benefits of ISO 27001 certification. The post 5 Key Benefits of ISO 27001 Certification appeared first on Scytale. The post 5 Key Benefits of ISO 27001 Certification appeared first on ...

ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware

There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and ...

How Elon Musk Pulls An Enron And Gets Away With It

The big question is why Enron, “the most innovative company in America”, ever got caught and held accountable for the thing Elon Musk does constantly: lie and defraud people. …Times story carried a quote from the closing arguments of the ...

Establishing secure habits for software development in 2023

As a new year commences, it’s not unusual for people to take the opportunity to adopt better practices and principles and embrace new ways of thinking in both their personal and professional lives. Software development teams always strive to ...

How CISOs can improve security practices to keep up with evolving technologies

TikTok and Lensa AI have sparked worldwide conversations on the future of social media and consumer data privacy. In this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, ...

OWASP API1: 2019 – Broken Object Level Authorization

Are you leaving your APIs vulnerable to attacks? OWASP revealed that Broken Object Level Authorization is among the top 10 most critical API security risks. The post OWASP API1: 2019 – Broken Object Level Authorization appeared first on ...