Application Security News and Articles


Strata Identity CEO to Present Session on Identity Resilience at CyberArk Impact 2025 Conference

Co-author of SAML federation standard Eric Olden will explain how to architect IAM for uninterrupted operation during identity provider outages. BOULDER, Colo., April 2, 2025 — Strata Identity, the Identity Orchestration company, today announced ...

The Future of Security Operations: Why Next-Gen SIEM is a Necessity

Transitioning to a modern SIEM model can achieve significant cost savings while enhancing security visibility and operational efficiency. The post The Future of Security Operations: Why Next-Gen SIEM is a Necessity appeared first on Security ...

Modern SecOPs TCO Analysis: The Economic Case for Unified Security Platforms

In today’s rapidly evolving threat landscape, organizations face mounting challenges with traditional, fragmented security approaches. This analysis examines the total cost of ownership (TCO) of conventional security infrastructures compared to ...

AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor

The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers. The post AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor ...

Total Cost of Ownership (TCO) Analysis: Seceon Platform vs. Siloed Cybersecurity Solutions for a 5,000+ Staff Hospital in the USA

Cyber threats targeting healthcare organizations are at an all-time high, with ransomware, insider threats, medical device exploits, and data breaches putting patient data and hospital operations at risk. To defend against these threats, ...

Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses

DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights. The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.

Travelers Cyber Risk Services reduces the risk of a cyberattack

The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat ...

North Korea’s IT Operatives Are Exploiting Remote Work Globally

The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work ...

How to map and manage your cyber attack surface with EASM

In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important ...

Utimaco releases Quantum Protect solution

Utimaco launched Quantum Protect, the Post Quantum Cryptography application package for its u.trust General Purpose HSM (Hardware Security Modules) Se-Series. The advent of quantum computers poses a threat to today’s cryptographic ...

What is subdomain hijacking?

Subdomain hijacking is a cybersecurity risk where attackers exploit abandoned DNS records to take control of legitimate subdomains. This can lead to phishing attacks, credential theft, and malware distribution. Organizations must regularly audit ...

Unhealthy Cybersecurity Postures

Updates from Enzoic’s Threat Research Team. In the last Enzoic research update, we briefly discussed the travails of the healthcare industry and their challenges in establishing a successful cybersecurity posture in the face of a salivating ...

ImageRunner Flaw Exposed Sensitive Information in Google Cloud

Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data. The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud appeared first on SecurityWeek.

CVEs lose relevance: Get proactive — and think beyond vulnerabilities

Application security (AppSec) would not have existed for the past 25 years without the Common Vulnerabilities and Exposures (CVEs), the numbering system used for identifying discovered vulnerabilities in software. After the creation and adoption ...

Google is making sending end-to-end encrypted emails easy

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google announced on Tuesday. The company will first make available this simplified capability to users who want to send ...

Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks

North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.

Questions Remain Over Attacks Causing DrayTek Router Reboots

DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.

Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users

Gmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox. The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.

North Korean IT workers set their sights on European organizations

North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also ...

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities

Chrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities. The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.