Application Security News and Articles


Microsoft OneNote Attachments Increasingly Used to Deliver Infostealer RATs

Security researchers and Nuspire’s Threat Intelligence Team have recently identified an increase in threat actors’ use of Microsoft OneNote to deliver info-stealing remote access trojans (RATs). Here’s what you need to know. What’s going ...

The Hacker Mind Podcast: Gaining Persistence On Windows Boxes

When we hear about bad actors on a compromised system for 200+ days, we wonder how they survived for so long. Often they hide in common misconfigurations. Paula Januszkiewicz, CEO of Cqure, returns to The Hacker Mind to explain. The post The ...

5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations

Blog post originally posted on MSSP Alert. Traditionally, compliance and security teams have worked independently, often in silos with separate budgets and disparate data and tools, making collaboration and effective decision-making difficult, ...

Credential Theft: Protecting the SaaS Service Layer

Credential theft is when hackers use the logins and passwords of active users to gain access to sensitive & private data. Learn about credential theft with Grip. The post Credential Theft: Protecting the SaaS Service Layer appeared first on ...

USENIX Security ’22 – Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, Qi Li – ‘RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – Yi He, Zhenhua Zou, Kun Sun, Zhuotao ...

Google Fi Data Breach: A Lesson in Cloud Visibility | Eureka Security

The post Google Fi Data Breach: A Lesson in Cloud Visibility | Eureka Security appeared first on Security Boulevard.

Randall Munroe’s XKCD ‘Electron Color’

Via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post Randall Munroe’s XKCD ‘Electron Color’ appeared first on Security Boulevard.

Ghostwriter v3.2 Release

SpecterOps has released Ghostwriter v3.2 with some significant enhancements we think you’ll like. We overhauled how you interact with operation logs and added support for tagging clients, projects, reports, findings, evidence files, domains, ...

What automation means in application scanning tools – and why you need it

Confused about exactly what “automation” means in the world of application scanning tools? You’re not alone. From executing automatic security checks to scheduling when scans are launched, here’s a breakdown of the many ways automation ...

Skybox Security Raises $50M, Hires New CEO

Late-stage California startup Skybox Security turns the reins over to former Digital Guardian chief executive Mordecai Rosen. The post Skybox Security Raises $50M, Hires New CEO appeared first on SecurityWeek.

USENIX Security ’22 – George Kappos, Haaroon Yousaf, Rainer Stütz, Sofia Rollet, Bernhard Haslhofer, Sarah Meiklejohn – ‘How to Peel a Million: Validating and Expanding Bitcoin Clusters’

Our thanks to USENIX for publishing their presenters’ outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. The post USENIX Security ’22 – George Kappos, Haaroon Yousaf, Rainer ...

Spies, Hackers, Informants: How China Snoops on the US

An alleged Chinese surveillance balloon over the United States last week sparked a diplomatic furore and renewed fears over how Beijing gathers intelligence on its largest strategic rival. The post Spies, Hackers, Informants: How China Snoops on ...

AppSec 2023 predictions from Oxeye Security

Ron Vider shares Oxeye Security's AppSec 2023 predictions, including the convergence of AppSec and CloudSec, a greater C-Suite demand for visibility into risk contributions of apps and the teams that build them, a demand for clearer ...

How to Implement CIEM – A Checklist

What differentiates a CIEM solution from other cloud security platforms, and how should a CIEM be used in an organization? Read on to find out. The post How to Implement CIEM – A Checklist appeared first on Ermetic. The post How to Implement ...

Australian Man Sentenced for Scam Related to Optus Hack 

Australian authorities sentence Sydney man for using leaked data stolen from wireless carrier Optus to conduct SMS scams. The post Australian Man Sentenced for Scam Related to Optus Hack appeared first on SecurityWeek.

Chrome 110 Patches 15 Vulnerabilities

The first stable release of Chrome 110 brings 15 security fixes, including 10 for externally reported vulnerabilities. The post Chrome 110 Patches 15 Vulnerabilities appeared first on SecurityWeek.

Application Security Protection for the Masses

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. The post Application ...

How to recover from a WordPress 2FA lockout

Using 2FA to secure your WordPress website is by far one of the best security measures you can take. It adds an additional layer of security while being very easy to set up. Furthermore, it has a proven track record of stopping the vast majority ...

The Top 3 Attack Surface Management Tools for 2023

The average attack surface is growing rapidly, putting businesses at risk. Here are a few attack surface management tools to mitigate risk in 2023. The post The Top 3 Attack Surface Management Tools for 2023 appeared first on Security Boulevard.

APOLLO Insurance Ends Competitive Price Scraping With DataDome

APOLLO Insurance, Canada's leading online insurance company for small businesses and individuals, trusts DataDome to stop bots from price scraping and filling out forms. The post APOLLO Insurance Ends Competitive Price Scraping With DataDome ...