
Category: Application security


Application security, Security

Scammers use India’s real-time payment system to siphon off money, send it to China

October 24, 2023

Via: The Register

China-based scammers are using a combination of fake loan apps and India’s real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK. “UPI service providers currently operate […]


Application security, Security

Redefining united data protection

October 23, 2023

Via: The Register

There is no longer an off button for businesses and organizations, no closed signs, or downtime. This means enterprise IT operations and data assets must be protected round the clock in all operating environments. In the past this has often […]


Application security, Security

Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks

October 20, 2023

Via: SecurityWeek

The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks. Defense Secretary Gilberto Teodoro Jr. issued the […]


Application security, Security

Fresh curl tomorrow will patch ‘worst’ security flaw in ages

October 10, 2023

Via: The Register

Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as “probably the worst curl security flaw in a long time.” Curl 8.4.0 […]


Application security, Security

Protect AI introduces three open-source software tools designed to secure AI/ML environments

October 5, 2023

Via: Help Net Security

Protect AI announced a set of open-source software (OSS) tools designed to help organizations protect their AI and ML environments from security threats. The company is leading security for AI/ML by developing and maintaining three OSS tools — NB Defense, […]


Application security, Security

The makers of MOVEit have patched another major security flaw

September 29, 2023

Via: TechRadar

The company behind the now-famous (for all the wrong reasons) MOVEit managed file transfer software has warned its clients that a different product, WS_FTP Server, also carries a couple of high-severity flaws that can be exploited in malware hacks. […]


Application security, Security

SCYTHE 4.0 empowers team collaboration in real-world adversarial campaigns

September 13, 2023

Via: Help Net Security

SCYTHE has unveiled its latest version of the SCYTHE Core platform, introducing a number of new features designed to provide essential insight into the exploitability, impact, and prioritization of threats. SCYTHE 4.0 introduces dual-deployment options, supporting agentless and agent-based configurations. […]


Application security, Security

CTERA Vault safeguards against risks related to data tampering

September 12, 2023

Via: Help Net Security

CTERA unveiled CTERA Vault, Write Once, Read Many (WORM) protection technology which provides regulatory compliant storage for the CTERA Enterprise Files Services Platform. CTERA Vault aids enterprises in guaranteeing the preservation and tamperproofing of their data, while also ensuring compliance […]


Application security, Security

Wing and Drata join forces to ensure a way to keep SaaS compliant

September 12, 2023

Via: Help Net Security

Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001. […]


Application security, Security

Elevating API security to reinforce cyber defense

September 11, 2023

Via: Help Net Security

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security […]


Application security, Security

Cyberattacks Targeting E-commerce Applications

August 28, 2023

Via: The Hacker News

Cyber attacks on e-commerce applications are a common trend in 2023. As e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing […]


Application security, Security

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

August 21, 2023

Via: The Hacker News

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of […]


Application security, Security

Google Chrome’s New Feature Alerts Users About Auto-Removal of Malicious Extensions

August 18, 2023

Via: The Hacker News

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release […]


Application security, Security

Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities

August 4, 2023

Via: The Hacker News

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. “In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted […]


Application security, Security

Google, Microsoft Take Refuge in Rust Language’s Better Security

August 4, 2023

Via: Dark Reading

When Fortanix launched in 2016, the company made a decision: It would commit to the one-year-old Rust programming language to benefit from its security strengths and performance. Seven years later, Fortanix’s commitment to Rust has proved to be a success. […]


Application security, Security

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

July 28, 2023

Via: The Hacker News

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific […]


Application security, Security

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

July 28, 2023

Via: The Hacker News

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. […]


Application security, Security

How to Protect Patients and Their Privacy in Your SaaS Apps

July 24, 2023

Via: The Hacker News

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the […]


Application security, Security

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

July 20, 2023

Via: The Hacker News

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into […]


Application security, Security

Microsoft ‘Logging Tax’ Hinders Incident Response, Experts Warn

July 17, 2023

Via: Dark Reading

A human rights organization was alerted by Microsoft that it was compromised as part of a July email breach attributed to Storm-0558, but the organization couldn’t find any evidence of compromise in their logs. Why? It didn’t pay Microsoft a […]