Application Security News and Articles


In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event. The post In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking appeared first on ...

Don’t Ignore Data Sovereignty

What does data sovereignty mean for organizations and what’s the best practice for ensuring compliance? The post Don’t Ignore Data Sovereignty appeared first on Security Boulevard.

DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution

Overview: On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and ...

The Battle of the Bots: Safeguarding Identity in the Age of AI

In the age of generative AI, identity is being exploited by attackers as a weakness in the security perimeter. Here's what to do. The post The Battle of the Bots: Safeguarding Identity in the Age of AI appeared first on Security Boulevard.

China’s Offensive Cyber Operations in Africa Support Soft Power Efforts

Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. The post China’s Offensive Cyber Operations in Africa Support Soft Power Efforts appeared first on ...

Norton Secure Browser blocks malicious websites and phishing attempts

To help protect consumers from browser-based security, privacy and identity threats, Norton, a consumer Cyber Safety brand of Gen, has released Norton Secure Browser. Just as a passport is essential for travel, web browsers are essential for ...

Air Canada Says Employee Information Accessed in Cyberattack

Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack. The post Air Canada Says Employee Information Accessed in Cyberattack appeared first on SecurityWeek.

Keysight collaborates with Synopsys to secure IoT devices against attacks

Keysight Technologies and Synopsys are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market. Under the ...

Mitek partners with Equifax to improve consumer identity protection

Mitek announced a strategic partnership with Equifax, a global data, analytics and technology company. The agreement will add Mitek’s biometric-based identity verification and liveness detection technology to Equifax’s digital identity ...

BIND Updates Patch Two High-Severity DoS Vulnerabilities

The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely. The post BIND Updates Patch Two High-Severity DoS Vulnerabilities appeared first on SecurityWeek.

DAT introduces AI-powered identity-verification solution

DAT Freight & Analytics introduced an AI-powered identity fraud detection and prevention platform through a partnership with Verosint, to help prevent the unauthorized use of customer login credentials and combat the growing threat of ...

Faster Patching Pace Validates CISA’s KEV Catalog Initiative

CISA says the Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace. The post Faster Patching Pace Validates CISA’s KEV Catalog Initiative appeared first on SecurityWeek.

Contrast Security integrates with AWS Security Hub to help organizations mitigate threats

Contrast Security, the code security platform built for developers and trusted by security, today announced its integration with Amazon Web Services (AWS) Security Hub to offer full-spectrum security visibility, from infrastructure to ...

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a threat actor to abuse scan execution policies to run pipelines as another ...

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The ...

Anviz One combats security concerns for all levels of education

Anviz introduced an all-in-one intelligent security solution for the education industry – Anviz One – bolstering the security infrastructure of public and private educational institutions from K-12 to university with lower upfront investment, ...

SANS Survey Shows Drop in 2023 ICS/OT Security Budgets

ICS/OT security budgets have decreased in 2023 compared to last year, according to a survey conducted by SANS. The post SANS Survey Shows Drop in 2023 ICS/OT Security Budgets appeared first on SecurityWeek.

Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones

Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. The post Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones appeared first on SecurityWeek.

Improve Your Organization’s Cloud Infrastructure with PeoplActive’s Cloud Consulting Services

Long-term success in a time when digital agility is essential requires a strong and well-managed cloud ecosystem. To redefine the potential of your cloud infrastructure, we at PeoplActive have put together a team of cloud consulting ...

Top 7 VAPT Companies in India in 2023

Are you in search of VAPT Services for your Company? Here’s What You Need to “Be Aware Of”. VAPT Companies will play a vital role in the business era, as technology has become so prevalent. Each component of how people use technology makes ...