Application Security News and Articles


Rough Seas: Overcoming the Challenges of Cybersecurity for Offshore Infrastructure

In the world of cybersecurity, few environments present as many challenges as oil platforms and other offshore infrastructure assets. These installations, often situated in harsh and isolated marine environments, are critical to global energy ...

RSA Conference 2024

The post RSA Conference 2024 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post RSA Conference 2024 appeared first on Security Boulevard.

USENIX Security ’23 – User Awareness and Behaviors Concerning Encrypted DNS Settings in Web Browsers

Authors/Presenters: *Alexandra Nisenoff, Ranya Sharma and Nick Feamster* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from ...

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication. The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard.

Daniel Stori’s ‘Permission Issue’

via the inimitable Daniel Stori at Turnoff.US! The post Daniel Stori’s ‘Permission Issue’ appeared first on Security Boulevard.

Online Health Firm Cerebral to Pay $7 Million for Sharing Private Data

Mental telehealth startup Cerebral says it will stop sharing sensitive consumer health information with third parties, make it easier for consumers to cancel services, and pay $7 million to settle a complaint with the Federal Trade Commission ...

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. ...

How GenAI Uses Retrieval-Augmented Generation & What It Means for Your Business

Generative AI tools can use retrieval-augmented generation to access new information that wasn't included in the training dataset. What does this mean for your business? The post How GenAI Uses Retrieval-Augmented Generation & What It Means ...

MDR and EDR – Why One Doesn’t Cancel Out The Other

Strong detection and response capabilities are pivotal for identifying and mitigating threats before they can cause significant damage. As attackers employ advanced tactics that often bypass perimeter defenses, the focus shifts to not only ...

Microsoft Issues Patches for 24 New Secure Boot Vulnerabilities

Secure Boot Matters: We cannot blindly trust software. The software (and firmware) we know and (sometimes) love today simply cannot be trusted without validation. Several recent examples of supply chain breaches such as xz utils, Sisense, Rust ...

Is Bruno a good Postman alternative for API hacking?

Follow my journey as I try Bruno for the first time and see if it's a good alternative to Postman for API hacking. The post Is Bruno a good Postman alternative for API hacking? appeared first on Dana Epp's Blog. The post Is Bruno a good Postman ...

Cisco Duo provider breached, SMS MFA logs compromised

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack: The unnamed provider ...

MixMode Launches Advanced AI-Powered Attack Detection Prioritization

MixMode today announced enhancements to the MixMode Platform aimed at reducing risk and empowering security teams. Featured enhancements include AI-powered threat prioritization that combines MixMode's patented AI with known indicators of ...

USENIX Security ’23 – Account Verification on Social Media: User Perceptions and Paid Enrollment

Authors/Presenters: *Madelyne Xiao, Mona Wang, Anunay Kulshrestha, and Jonathan Mayer* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open ...

Evaluating the Impact of CISA’s Secure Software Development Attestation on Government Software…

Bolstering Software Security: How CISA’s Attestation Protocol Impacts Government Software Development

Vercara UltraEdge offers protection against internet-based threats

Vercara launched UltraEdge, a comprehensive edge platform that includes an innovative Content Delivery Network (CDN), integrated application security, and edge compute. Powered by Edgio and supported through Vercara’s Security Operations Center ...

Tanium Automate reduces manual processes for repeatable tasks

Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of the autonomous endpoint management (AEM) capabilities within the Tanium XEM platform. The ...

Decision-Makers and Staffing Trends: Insights from the 2024 Benchmark Survey Report

Navigating the complex world of IT risk and compliance can be daunting for many organizations. However, with the right insights, companies can better understand how to make the right decisions about Governance, Risk, and Compliance (GRC) ...

Data Loss Prevention: Best Practices for Secure Data Management

The stakes for safeguarding sensitive information have never been higher. Cyber Data loss can lead to severe consequences, including financial losses, damage to reputation, and legal repercussions.  Section 1: Understanding the Dynamics of Data ...

New open-source project takeover attacks spotted, stymied

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This ...