Application Security News and Articles


Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their ...

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of ...

OneTrust helps organizations meet the framework requirements

OneTrust announced the expansion of OneTrust solutions to help organizations drive operational resilience and risk management across their extended enterprise, as well as comply with regulations like the European Union’s (EU) Digital ...

SOCRadar raises $25.2 million to accelerate investments in key areas

SOCRadar announced the successful completion of its Series B funding round, raising $25.2 million. The round was led by PeakSpan Capital, with participation from Oxx, reflecting investor confidence in SOCRadar’s innovative approach to ...

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

AppSec has never been more challenging. By the same token, AppSec technology is advancing apace to help companies meet this challenge. Related: AppSec market trajectory At RSAC 2024, I sat down with Bruce Snell, cybersecurity strategist at ...

HHS pledges $50M for autonomous vulnerability management solution for hospitals

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects ...

Setting Up SonarQube for Code Quality Inspection on Java(Maven/Gradle)/.NET/Python/Go Projects

SonarQube is a powerful tool for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect…Continue reading on Medium »

Counting Down to the EU NIS2 Directive

Counting Down to the EU NIS2 Directive madhav Thu, 05/23/2024 - 05:16 Our recently released 2024 Data Threat Report showed a direct correlation between compliance and cyber security outcomes. 84% of organizations that failed a compliance audit ...

CISOs pursuing AI readiness should start by updating the org’s email security policy

Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on the decline. Easily detected by most of today’s standard email ...

Strategies for transitioning to a SASE architecture

In this Help Net Security, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them. What are companies’ primary challenges when transitioning to a ...

Ransomware fallout: 94% experience downtime, 40% face work stoppage

Within the last 12 months, 48% of organizations identified evidence of a successful breach within their environment, according to Arctic Wolf. To fully understand the gravity of this statistic, it is important to understand that, although 48% of ...

2024 sees continued increase in ransomware activity

In this Help Net Security video, Ryan Bell, Threat Intelligence Manager at Corvus Insurance, discusses how ransomware will continue to grow in 2024. In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing ...

Machine identities lack essential security controls, pose major threat

Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to CyberArk. The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private ...

BTS #30 – Systems Of Trust – Robert Martin

Bob Martin comes on the show to discuss systems of trust, supply chain security and more! Show Notes The post BTS #30 - Systems Of Trust – Robert Martin appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The ...

Human Error and AI Emerge as Key Challenges in Survey of CISOs

The 2024 Proofpoint “Voice of the CISO” report is a useful barometer for understanding the current cybersecurity landscape, providing valuable insights from 1,600 CISOs globally. This year’s findings reveal a complex picture where ...

Prompt Injection Threats Highlight GenAI Risks

88% of participants in the Immersive “Prompt Injection Challenge” successfully tricked a GenAI bot into divulging sensitive information. The post Prompt Injection Threats Highlight GenAI Risks appeared first on Security Boulevard.

Responsible AI Licenses (RAIL): Here’s What You Need to Know

Learn about this family of licenses that seek to limit harmful use of AI models. The post Responsible AI Licenses (RAIL): Here’s What You Need to Know appeared first on Mend. The post Responsible AI Licenses (RAIL): Here’s What You Need to ...

USENIX Security ’23 – PET: Prevent Discovered Errors from Being Triggered in the Linux Kernel

Authors/Presenters:Zicheng Wang, Yueqi Chen, Qingkai Zeng Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to ...

Security Compliance 101: What It Is and How to Master It

Talk to any compliance officer today, and they will all agree that modern security compliance — fulfilling your organization’s regulatory obligations to keep data safe, secure, and intact — must be a top priority for every business. But ...

CFO Deepfake Redux — Arup Lost $26M via Video

Deepfake Zoom of Doom: Construction giant Arup Group revealed as victim of January theft—10% of net profit lost. The post CFO Deepfake Redux — Arup Lost $26M via Video appeared first on Security Boulevard.