Application Security News and Articles
A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.
The post ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History appeared first on SecurityWeek.
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late ...
You can’t wait to buy a Cloud Infrastructure Entitlements Management (CIEM) solution. Yes, we mean you can’t wait as in time is of the essence and critical threats are imminent, but we’ll leave room for the ...
Discover the transformative power of DevOps for startups with insights from the leading AWS DevOps consulting company. Learn how a DevOps approach can boost scalability, security, and competitiveness.
The post Why Every Startup Should Consider ...
Discover the main findings in the OWASP 2023 API Security Top Ten and their importance for application security.
The post The Latest Trends in API Security: The 2023 OWASP API Security Top Ten appeared first on Mend.
The post The Latest Trends in ...
Lax API security creates the perfect window of opportunity, often with a low barrier to entry. Cybercriminals are eager to exploit it.
The post Why Are APIs so Easy for Threat Actors to Exploit? appeared first on Security Boulevard.
Pulumi announced Pulumi ESC, a new solution to manage environments, secrets, and configurations for cloud infrastructure and applications. Pulumi ESC enables developers to define reusable environments that combine secrets from multiple sources, ...
Let’s admit it, the cybersecurity industry is in need of an overhaul. For far too many years, organizations have been lured into a relentless cycle of piling on more and more capabilities and coverage every time a new threat emerges. This idea ...
Serial entrepreneurs bank an unusually large seed round to apply process mining techniques to solve security governance problems.
The post Twistlock Founders Score Whopping $51M Seed Funding for Gutsy appeared first on SecurityWeek.
A previously unknown APT group is targeting organizations in biomedical, IT, and manufacturing sectors in Taiwan.
The post New ‘Grayling’ APT Targeting Organizations in Taiwan, US appeared first on SecurityWeek.
A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems.
The post One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems appeared first on SecurityWeek.
Fortanix has unveiled new capabilities for Fortanix Data Security Manager (DSM) to help public and private organizations address growing data sovereignty requirements globally. Available now, the existing and new features deliver several key ...
Millions of Exim servers could be impacted by a flaw found in all versions of Exim, according to an advisory from Trend Micro.
The post Unpatched Critical Zero-Day Bug Puts Exim Servers at Risk appeared first on Security Boulevard.
A newly identified Magecart web skimming campaign is tampering with ‘404’ error pages to hide malicious code.
The post Magecart Web Skimmer Hides in 404 Error Pages appeared first on SecurityWeek.
If you’re running GNOME on your Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 ...
UK-based cable manufacturing giant Volex has been targeted in a cyberattack that involved unauthorized access to IT systems and data.
The post Cable Giant Volex Targeted in Cyberattack appeared first on SecurityWeek.
Adi Shamir et al. have a new model extraction attack on neural networks:
Polynomial Time Cryptanalytic Extraction of Neural Network Models
Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks ...
SecurityWeek continues its Hacker Conversations series in a discussion with Natalie Silvanovich, a member of Google's Project Zero.
The post Researcher Conversations: Natalie Silvanovich From Google’s Project Zero appeared first on ...
In recent years, Decentralized Finance, commonly referred to as DeFi, has surged in popularity as a revolutionary financial ecosystem. DeFi platforms promise to democratize finance, offering decentralized alternatives to traditional banking, ...
Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead ...