Application Security News and Articles
The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies. A prescient ...
A report by CISA, the FBI, the NSA, and international agencies lay out the argument that event logging tools help enterprises better detect attacks that rely on LOTL techniques used by threat groups to evade security protections during an ...
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks. It can send requests to multiple targets using ...
Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with ...
Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target ...
Vivek Ramachandran, Founder & CEO of SquareX, at DEF CON Main Stage.
At DEF CON 32 this year, SquareX presented compelling research that revealed the shortcomings of Secure Web Gateways (SWG) in protecting the browser and demonstrated 30+ ...
GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte. “The State of Generative AI in the Enterprise: Now ...
Atualmente sou líder do time de DEVSEC em uma grande instituição financeira. Quando iniciei na empresa, a ferramenta de SAST/SCA já havia…Continue reading on Medium »
Authors/Presenters:Inyoung Bang and Martin Kayondo, Seoul National University; Hyungon Moon, UNIST (Ulsan National Institute of Science and Technology); Yunheung Paek, Seoul National University
Many thanks to USENIX for publishing their ...
The sheer volume of vulnerabilities discovered each year—combined with limited time and resources—demands a more sophisticated strategy for prioritization. While the Common Vulnerability Scoring System (CVSS) has long been the industry ...
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking ...
In today’s digital landscape, the threat of data breaches and cyber attacks looms large over organizations of all sizes. As a result, privileged access management (PAM) has become a critical component of cybersecurity strategies. It’s easy to ...
In today’s world of software development, security can’t be an afterthought. Integrating security into Continuous Integration and…Continue reading on Medium »
In this blog, DevSecOps is discussed as an extension of DevOps, integrating security practices into the development and operations process…Continue reading on Medium »
Traditional security is in crisisContinue reading on Medium »
Authors/Presenters:Inyoung Bang and Martin Kayondo, Seoul National University; Hyungon Moon, UNIST (Ulsan National Institute of Science and Technology); Yunheung Paek, Seoul National University
Many thanks to USENIX for publishing their ...
As the back-to-school season begins, K-12 tech leaders face many cybersecurity and safety challenges. To help smooth the transition to a secure start to the 2024-2025 school year, we recently hosted a webinar featuring Samuel Hoch, the Technology ...
DOJ inspectors have found the FBI is not labeling hard drives and other storage devices holding sensitive that are slated for destruction, making them hard to track, and that boxes of them can sit in a poorly secured facility for months.
The post ...
Authors/Presenters:Yanmao Man, University of Arizona; Raymond Muller, Purdue University; Ming Li, University of Arizona; Z. Berkay Celik, Purdue University; Ryan Gerdes, Virginia Tech
Many thanks to USENIX for publishing their outstanding ...
In response to the recent CISA Advisory (AA24-234A) outlining best practices for event logging and threat detection, AttackIQ, in alignment with CISA’s guidance, strongly encourages organizations to engage in continuous testing against known, ...
