Application Security News and Articles
The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects.
The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek.
Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek.
Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using it without first verifying whether it’s malicious. “Over ...
Background and drug screening giant DISA has revealed that a 2024 data breach impacts more than 3.3 million people.
The post 3.3 Million People Impacted by DISA Data Breach appeared first on SecurityWeek.
Pentera has unveiled Cyber Pulse, a new mechanism to update the Pentera platform with the latest vulnerabilities and attack techniques from the Pentera research team. Cyber Pulse delivers a continuous stream of new cyber exposure validation ...
Red Hat announced Red Hat OpenShift 4.18, the latest version of the hybrid cloud application platform powered by Kubernetes. Red Hat OpenShift 4.18 introduces new features and capabilities designed to streamline operations and security across IT ...
The Cybersecurity Maturity Model Certification (CMMC) process is just around the corner and is expected by most to go into effect early next year. This is why defense tech companies need to act today to start their compliance journey.
The post ...
Seal Security launched Seal OS, a solution designed to automatically fix vulnerabilities in both Linux operating systems and application code. Seal OS delivers long-term support for a wide range of Linux distributions, encompassing Red Hat ...
The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions.
Related: Weaponizing Microsoft’s co-pilot
Until now, lackluster enterprise search capabilities kept many security risks in ...
For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? ...
Starting in Q3 2024, Cofense Intelligence detected an ongoing campaign targeting employees working in social media and marketing positions. In this campaign, marked employees were encouraged to apply to a social media manager position in a ...
DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. ...
In this Help Net Security video, Nataraj Nagaratnam, an IBM Fellow and CTO for Cloud Security, discusses enterprises’ steps to lay a secure foundation for agentic AI deployments. Recent research from IBM and Morning Consult shows that 99% ...
How Secure Are Your Cloud Secrets? Is your organization truly protecting its cloud secrets, or are there gaps that might be exploited by malicious cyber actors? Non-Human Identities (NHIs) and Secrets Security Management is emerging as an ...
Are We Ready to Embrace NHI Innovation? Cybersecurity within various industry verticals has witnessed remarkable transformations due to rapid advancements in technology. But, amidst all the buzz, have we been successful in fully embracing the NHI ...
Is Your Organization Achieving Scalable Secrets Management? How well does your organization manage its Non-Human Identities (NHIs) and their secrets? A cybersecurity expert often asked about the best methods for managing NHIs, especially where ...
KEY TAKEAWAYS
Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA ...
Authors/Presenters: Yso & Martin Strohmeier
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...
Kernel Panic in the Rust Belt. Memory safety: GOOD. Cheese motion: BAD.
The post Rust vs. C — Linux’s Uncivil War appeared first on Security Boulevard.
Cloud security covers a wide range of tools and frameworks, which makes it hard to implement. Cloud security posture management (CSPM) organizes the process.
The post 7 CSPM Tools to Secure Your Cloud Infrastructure appeared first on Security ...
