Application Security News and Articles
In this Patch Tuesday edition, Microsoft addressed 72 CVEs, including 1 Zero-Day, 16 Criticals, 54 Important and 1 Moderate—the one Zero-Day was found to be actively exploited in the wild. From an Impact perspective, Escalation of Privilege ...
Why is NHIDR Crucial in Modern Cybersecurity? For organizations to stay ahead in this dynamic cybersecurity landscape, it’s imperative to embrace innovative and comprehensive security methodologies. One such methodology is Non-Human Identity ...
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities.
Background
Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its ...
Quantum computing was long considered to be part of a distant future. However, it is quickly becoming a reality. Google’s recent announcement of its Willow quantum computing chip is a breakthrough generating significant media attention and ...
Open source software security and dependency management have never been more critical, as organizations strive to protect their software supply chains while navigating increasing complexity and risks.
The post Why software composition analysis is ...
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 ...
The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims ...
SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta ...
In today’s digital classroom, connectivity is key—but it comes with challenges. As technology becomes an integral part of teaching and learning, K-12 schools face the responsibility of supporting classroom technology while safeguarding ...
Authors/Presenters: Rob Joyce, The Dark Tangent
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...
Auguria today at the Black Hat Europe conference, in addition to providing five additional integrations with other platforms, revealed it has added an explainability graph capability that makes it simple to understand why log data collected is ...
16 Critical
54 Important
0 Moderate
0 Low
Microsoft addresses 70 CVEs with 16 rated critical, including one zero-day that was exploited in the wild.
Microsoft patched 70 CVEs in its December 2024 Patch Tuesday release, with 16 rated critical, and 54 ...
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan ...
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe).
Meta AI creation, steampunk ...
GitGuardian today extended the reach of its ability to manage applications secrets into the realm of non-human identities (NHI) associated with machines and software components.
The post GitGuardian Extends Reach to Manage Non-Human Identities ...
Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry ...
ASU 48-bit trash hash: Open source router firmware project fixes dusty old code.
The post Critical OpenWrt Bug: Update Your Gear! appeared first on Security Boulevard.
Author: Lance B. Cain
Overview
Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entities have begun adopting Azure for their technology ...
Authors/Presenters: Anne Neuberger
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via ...
CORS misconfigurations are often overlooked, but they can have severe consequences. We demonstrate how reflecting the origin header leads to code execution in Whistle.
The post Never Underestimate CSRF: Why Origin Reflection is a Bad Idea ...