Application Security News and Articles


Optimizing CI/CD Security: Best Practices for a Robust Software Delivery Pipeline

Modern software development accelerates progress but introduces security risks that must be managed to protect organizational integrity and reputation. The post Optimizing CI/CD Security: Best Practices for a Robust Software Delivery ...

Ad Protect: Mastering the Detection of Bot-Driven Ad Fraud

DataDome's unparalleled bot detection solution powers our Ad Protect solution, protecting marketers from the negative impacts of bot-driven ad fraud and click fraud. The post Ad Protect: Mastering the Detection of Bot-Driven Ad Fraud appeared ...

Leading LLMs Insecure, Highly Vulnerable to Basic Jailbreaks

“All tested LLMs remain highly vulnerable to basic jailbreaks, and some will provide harmful outputs even without dedicated attempts to circumvent their safeguards,” the report noted. The post Leading LLMs Insecure, Highly Vulnerable to Basic ...

Business Entities

Product Update: Version 4.4 We're thrilled to share Version 4.4 release with new feature updates: Business Entities for tracking customers, partners, and departments, improved control for transfer switch power devices, streamlined bulk actions ...

Apple API Allows Wi-Fi AP Location Tracking

Privacy FAIL: Apple location service returns far more data than it should, to people who have no business knowing it, without your permission. The post Apple API Allows Wi-Fi AP Location Tracking appeared first on Security Boulevard.

USENIX Security ’23 – AlphaEXP: An Expert System for Identifying Security-Sensitive Kernel Objects

Authors/Presenters: Ruipeng Wang, Kaixiang Chen, Chao Zhang, Zulie Pan, Qianyu Li, Siliang Qin, Shenglin Xu, Min Zhang, Yang Li Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the ...

GitHub Issues Patch for Critical Exploit in Enterprise Server

The vulnerability affects all GHES versions prior to 3.13.0 and achieves the highest possible CVSS score of 10. Instances with SAML SSO authentication are at risk. The post GitHub Issues Patch for Critical Exploit in Enterprise Server appeared ...

Deep Dive: How to Improve Kubernetes Management with IaC Tools

In container orchestration, Kubernetes has become the go-to solution for deploying and managing containerized applications at scale. Ten years after Kubernetes was made publicly available, however, the complexities associated with deploying it ...

Randall Munroe’s XKCD ‘Exponential Growth’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Exponential Growth’ appeared first on Security Boulevard.

Automata in Action: New Vulnerabilities Discovered in HP UEFI

Eclypsium has discovered new vulnerabilities in a particular Unified Extensible Firmware Interface (UEFI) implementation from HP. This is the first vulnerability to be discovered automatically by our Automata binary analysis system, which ...

The WAF Oath: Primum Non Nocere | Impart Security

Impart Security's Director of Field Engineering, Jack Zarris, dives into the evolution of Web Application Firewalls from first generation RegEx tuning to next-generation threshold tuning of false positives and finally the current state of ...

Who Will Control Our AI Future? A Guide to Power, Influence, and Responsible AI Development

The rise of AI raises critical questions about power and control. Who's shaping the AI landscape? Discover the key players and how we can ensure a responsible AI future. The post Who Will Control Our AI Future? A Guide to Power, Influence, and ...

What’s the State of Identity Assurance Today? Recap of the 2024 Report

Identity security is at a crossroads. As digital transformation accelerates, organizations are increasingly vulnerable to identity-focused attacks, which are now the primary entry point for cybercriminals. The incorporation of artificial ...

USENIX Security ’23 – A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel

Authors/Presenters: Guoren Li, Hang Zhang, Jinmeng Zhou, Wenbo Shen, Yulei Sui, Zhiyun Qian Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open ...

Compromised recording software was served from vendor’s official site, threat researchers say

Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher warned last month. After analyzing a flagged installer detected in ...

What America’s Federal Privacy Bill Means for Data Protection

After years of false starts, the US is edging closer to a federal data privacy law. In a surprise move, two lawmakers last month introduced a bipartisan, bicameral piece of legislation described as “the best opportunity we've had in decades” ...

When to Automate and When Not to Automate Security

The post When to Automate and When Not to Automate Security appeared first on AI Enabled Security Automation. The post When to Automate and When Not to Automate Security appeared first on Security Boulevard.

Navigating Compliance Frameworks with Deepfactor: PCI DSS, SOC2, and NIST 800-53

... The post Navigating Compliance Frameworks with Deepfactor: PCI DSS, SOC2, and NIST 800-53 appeared first on Deepfactor. The post Navigating Compliance Frameworks with Deepfactor: PCI DSS, SOC2, and NIST 800-53 appeared first on ...

Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques

NTLM (NT LAN Manager) relaying is an attack technique that has been around for years yet is still incredibly effective. […] The post Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques appeared first on Security Boulevard.

Hospitals Hacked: Urgent Care Needed

In recent research by Veriti, a significant cyber security breach at Change Healthcare highlighted severe vulnerabilities in healthcare data security, affecting over 1.35 million files. This breach involved multiple healthcare and insurance ...