Application Security News and Articles


Vulnerability Management Lifecycle: The Ultimate Guide to Business Security

63% of organizations suffered cyberattacks due to unpatched vulnerabilities, highlighting a critical issue. However, top-tier companies consistently maintain superior security. How do they do it? Their advantage lies in a robust... The post ...

API Transformation Cyber Risks and Survival Tactics

As you think about how to ensure your APIs are within your risk tolerance, ensure that you have a sound understanding of your inventory and the data associated with them. The post API Transformation Cyber Risks and Survival Tactics appeared first ...

GlobalSign updates ACME service to simplify domain management

GMO GlobalSign announced updates to its Automated Certificate Management Environment (ACME) service for internal domain certificates, enabling customers to issue GlobalSign IntranetSSL certificates through its ACME service. ACME is an internet ...

Story 4: Detecting compromised secrets & naughty 3rd-party vendors

Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and ...

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01 ...

How to Configure Brevo SPF, DKIM, and DMARC Records? A Step-by-Step Guide

Secure your Brevo domain by configuring Brevo SPF, DKIM, and DMARC records. Improve email deliverability and protect against spoofing and phishing. The post How to Configure Brevo SPF, DKIM, and DMARC Records? A Step-by-Step ...

Craig Boundy joins McAfee as President and CEO

McAfee announced the appointment of Craig Boundy as President and CEO, effective August 21, 2024. Boundy, a seasoned executive with over 25 years of leadership experience, joins McAfee from Experian where he served as the global Chief Operating ...

Patch Squid Vulnerabilities Affecting Ubuntu 16.04/18.04

Several security issues were discovered in Squid, a web proxy cache server. These vulnerabilities have a high severity score and could lead to denial of service or exposure of sensitive information. The good news is that they have been addressed ...

Velvet Ant Exploits Cisco Zero-Day Flaw

Recent events in the cybersecurity landscape have brought to light the activities of a China-nexus cyber espionage group known as Velvet Ant. The threat actor group has been observed exploiting a zero-day flaw in the Cisco NX-OS software. In this ...

How U.S. Businesses can Fight the Deepfake Threat 

While it's unclear how new, advanced technologies like AI and ML will ultimately change the data security landscape, now is not the time to stand still. The post How U.S. Businesses can Fight the Deepfake Threat appeared first on Security ...

Critical Vulnerability Discovered in OpenSSH Impacting Large User

In a significant development for cybersecurity, a new vulnerability has been detected in OpenSSH, the widely-used suite for secure network communications. This flaw poses a serious risk, potentially allowing malicious actors to remote code ...

ChatGPTriage: How can CISOs see and control employees’ AI use?

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower than ...

Managing exam pressure: Tips for certification preparation

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses the role of study groups, online forums, and professional networks in ...

Firmware update hides Bluetooth fingerprints

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability. ...

Major data breaches that have rocked organizations in 2024

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. ...

Paris 2024 Olympics to face complex cyber threats

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the ...

Critical Security Update for Adobe Commerce (Magento) Users

In the rapidly evolving world of e-commerce, security remains a top priority. As part of our ongoing commitment to safeguarding our clients, we are bringing an important update to your attention regarding Adobe Commerce (Magento). This update ...

USENIX Security ’23 – FABRID: Flexible Attestation-Based Routing for Inter-Domain Networks

Authors/Presenters: Cyrill Krähenbühl, Marc Wyss, David Basin, Vincent Lenders, Adrian Perrig, Martin Strohmeier. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong ...

Response to CISA Advisory (AA24-193A): CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

AttackIQ has released two new assessment templates in response to the CISA Advisory (AA24-193A) published on July 11, 2024, that disseminates Tactics, Techniques and Procedures (TTPs), mitigation and detection methods associated with SILENTSHIELD ...

Caught in the Act: StealC, the Cyber Thief in C

Weekly Threat Intelligence Report. Date: July 15, 2024. Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS. StealC seems like an appropriate name for stealer malware written in C. It’s been available for less than two years ...