Application Security News and Articles
In the high-stakes, high-tech world of data centers, one trend is making waves—and chills—across the industry. Liquid cooling, once a novelty, is rapidly becoming a mainstream solution for keeping the data-driven planet running without ...
This blog details how Obsidian detects and blocks the latest version of Tycoon, an adversary-in-the-middle (AiTM), Phishing-as-a-Service (PhaaS) platform that leverages a reverse proxy to intercept and replay credentials and MFA prompts. This new ...
Authors/Presenters: *Cen Zhang, Yuekang Li, Hao Zhou, Xiaohan Zhang, Yaowen Zheng, Xian Zhan, Xiaofei Xie, Xiapu Luo, Xinghua Li, Yang Liu, Sheikh Mahbub Habib*
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 ...
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams.
The first stage of his DevSecOps program: vulnerability management.
The post Vulnerability Management Lifecycle in ...
This article was written by Brian Benestelli and John Fry. In the decade since the initial release of the Cybersecurity Framework (CSF), it has become one of the most widely
The post NIST CSF 2.0 – Top 10 Things You Should Know ...
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.
The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security ...
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘The Wreck of the Edmund Fitzgerald’ appeared first on Security Boulevard.
What is ISO 42001 (AI)? Artificial intelligence (AI) has emerged as a transformative technology, imbuing machines with human-like intelligence to perform tasks across various domains. However, with its exponential growth comes a pressing need for ...
Identities face relentless threats, with attackers often outpacing defenders in speed. Their rapid tactics give them a breakout time of 84 minutes (according to CrowdStrike’s 2024 Global Threat Report), making the fallout from an identity ...
2024 has started off with dramatic shifts in the ransomware landscape. In December of 2023, international law enforcement took down the BlackCat leaks site, leading to the group removing all ethical restrictions for their affiliates and declaring all ...
Authors/Presenters: *Ming Yuan and Bodong Zhao, Penghui Li, Jiashuo Liang, Xinhui Han, Xiapu Luo, Chao Zhang*
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong ...
CyberArk launched CyberArk Secure Browser, an identity-centric secure browser, providing enhanced security and privacy alongside a familiar, productive user experience. Backed by intelligent privilege controls and simple to deploy across devices, ...
Cloud environments are complex, and can create a difficult territory for security and IT teams to monitor and comprehend.
The post Securing the Future: Navigating the Complexities of Cloud Security appeared first on Security Boulevard.
AU10TIX announced the expansion of its Digital ID solution, which enables businesses to securely verify IDs of all types, including physical, digital, eID, verifiable credentials, and more. AU10TIX’s fully automated Digital ID solution ...
Compromises including Log4j, SolarWinds' Orion network management technology, and Progress Software's MOVEit file transfer software have heightened focus on software supply chain security in recent years.
The post Software supply chain security ...
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last year’s far-reaching hack of ...
As the digital landscape expands exponentially, so do efforts to safeguard personal data, notably through regulations and other actions.
The post Navigating the Complexities of Data Privacy: Balancing Innovation and Protection appeared first on ...
Join us as we uncover DarkGate, a malevolent force that strikes fear into the hearts of organizations worldwide. DarkGate has morphed into a sophisticated adversary, utilizing Drive-by Downloads and DanaBot deployment to wreak havoc. But fear ...
Understanding the distinction between macro segmentation vs. micro segmentation, and making the right choice. Within network security segmentation, macro segmentation vs. micro segmentation are crucial methods to consider for organizations ...
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” ...