Application Security News and Articles
We will demonstrate how to advance from manual processes to automated security nirvana. Join us to learn how to navigate the challenges and enhance your SaaS security posture.
The post SaaS Security | Core Areas and the Maturity Curve ...
Trackers are everywhere and come in many different forms. Some tracking methods are more invasive than others; this post aims to explain what "trackers" are, how they work, and give examples of the data they collect.
TABLE OF ...
Authors/Presenters: Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open ...
In April, the tech world faced a concerning incident involving XZ Utils, a widely used open-source compression tool. A maintainer under the alias Jia Tan inserted a backdoor into a beta version, potentially granting hackers full control if it had ...
When Google decided to stop trusting new TLS certificates from Entrust, it didn’t just create a technical challenge—it unleashed an operational crisis for many organizations. If your business uses Entrust TLS certificates, you are facing one ...
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Lava Lakes’ appeared first on Security Boulevard.
Discover key lessons in SaaS security, avoid common pitfalls, and learn how to proactively manage SaaS identity risks for a stronger security posture.
The post SaaS Security Lessons Learned the Hard Way | Grip appeared first on Security Boulevard.
Post-Quantum Cryptography (PQC) is a new generation of encryption algorithms for protecting data against powerful quantum computers. Quantum computers use quantum mechanics to solve complex problems much faster than traditional computers. With ...
Customer trust is critical to long-term business success. But it is dramatically undermined when organizations fail to protect their personally identifiable information (PII). One study claims that two-thirds (66%) of US consumers would not trust ...
Introduction: In June 2024, Zscaler ThreatLabz detected fresh activity from BlindEagle, an advanced persistent threat (APT) actor also identified as AguilaCiega, APT-C-36, and APT-Q-98. BlindEagle predominantly focuses on organizations and ...
It’s all about the data. One thing is clear. The “business value” of data continues to grow, making it an organization’s primary piece of intellectual property. And from
The post Storage & Data Protection Trends & ...
Authors/Presenters: Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Yang Zhang
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. ...
In August, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert about the emergence of BlackSuit ransomware,
The post How StorageGuard Can Assist With CISA’s Advised ...
In recent years, the landscape of cyber scams has evolved, targeting even the tools designed to protect consumers. One such concerning development involves the exploitation of trusted services to mislead and scam users. This article explores a ...
Vanta announced new product features and milestones, allowing customers to automate existing GRC workflows and gain continuous visibility across their security and compliance program. Vanta’s new Report Center, enhancements to VRM and milestone ...
Cequence recently protected multiple major telecommunications companies, each a global leader with over 100 million customers, from a series of six high-profile Broken Object Level Authorization (BOLA) API attacks. Most of these companies use ...
“Software supply chain security is a critical risk and compliance issue, but most organizations approach it in a fragmented way. The lack of an all-inclusive structure leaves protection gaps.” Gartner Leader's Guide to Software Supply Chain ...
The ransomware space is becoming increasingly fragmented in the wake of law enforcement actions against BlackCat, LockBit, and others, spawning more threat groups and giving rise to prolific newcomers like RansomHub, according to a report by ...
Threat monitoring and detection, such as Network Detection and Response (NDR), provide a complement to enhance a threat exposure management strategy.
The post Choosing the Best Cybersecurity Prioritization Method for Your Organization appeared ...
Season 3, Episode 13: Cato Networks’ Etay Maor provides fresh research on the abuse of unpatched log4j libraries.
The post Log4j Continues to act as Organizational Vulnerability appeared first on Security Boulevard.