While the Capital One breach may have been
jawdropping in its sheer scale, there are best
practice lessons to be learned in its remediation
What was overlooked in the Capital One
data breach, and why it could have been
How to monitor for security events in a
As companies embrace the opportunities presented by cloud and mobile computing to connect with clients and optimize operations, they take on new risks. One of the biggest challenges in digital transformation is ensuring security, privacy, and compliance. With organizations increasingly putting emphasis on a smooth...
Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.
A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
Are you protected from these common AppSec risks?
A single weak point in a line
of code can create an open
door for attackers.
The cost of an average
breach is $3,920,000.
Nearly 80% of apps contain
at least one critical or high
Attacks targeting the application layer are on the rise.
Standards and legislation provide incomplete security coverage:
61% of applications had at least one Critical and High Issue NOT covered by OWASP Top 10.
This up 12% YOY, from 49% to 61%.
Open source code has blind spots:
Among the top movers in...
Are Your Applications Secure?
Turn on the news today, and you’ll see how hacks and other cyber threats are wreaking havoc on
businesses across the globe. And, while software security is becoming a higher priority, for many
businesses it’s still an afterthought for most - one-quarter of respondents report their...
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.
Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report.
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro.