Category: Application security

May 11, 2023

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The “Phase 1” of the initiative […]

May 10, 2023

A few weeks ago, the 32nd edition of RSA, one of the world’s largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. […]

May 9, 2023

Application security and product security# Regrettably, application security teams often intervene late in the development process. They maintain the security level of exposed software, ensuring the integrity and confidentiality of consumed or produced data. They focus on securing data flows, […]

May 8, 2023

What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive approach. Instead of waiting for cybersecurity alerts and then addressing them, security organizations are now deploying red teams to actively seek out breaches, threats and […]

May 4, 2023

IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it’s difficult to monitor external malicious environments – which only makes them that much more threatening. In March, a high-profile data breach hit national […]

April 27, 2023

Tenable®, the Exposure Management company, today published a new report outlining the use of generative AI to build new security research tools. The report, titled “How Generative AI is Changing Security Research,” highlights four new tools developed by the Tenable […]

April 26, 2023

Dig, the cloud data security leader, today announced its new technology integration with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data. The Dig Data Security Platform integrates with the CrowdStrike Falcon platform to deliver real-time […]

April 26, 2023

The coalition behind the Data Security Maturity Model has issued a second iteration of the framework, aimed at making it easier for businesses to protect data from leaks. The coalition, created by Cyberhaven last summer, is led by Sounil Yu, […]

April 24, 2023

A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that […]

April 21, 2023

Following a beta launch in November 2022, GitHub has now made private vulnerability reporting generally available, providing security researchers with a direct channel to report security defects they identify in public repositories. To take advantage of the new capability, repository […]

April 19, 2023

Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. […]

April 14, 2023

Developers interested in gauging the security of the open source components have an abundant number of choices, but still have to choose to use the information to audit the components used in their applications, experts say. On April 11, Google […]

April 11, 2023

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late […]

April 10, 2023

Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use […]

April 10, 2023

As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused 92% of all data breaches in the first quarter […]

April 6, 2023

Google Play will be pushing Android app developers to allow users to delete their account and associated data from within the app. Users will also be given the option to only delete data where applicable, as some data needs to […]

March 31, 2023

Intruder updates its cloud-based vulnerability management service, allowing organisations of all sizes to secure their APIs by automatically detecting vulnerabilities, gaps, security weaknesses, and misconfigurations that hackers can exploit. As more organisations build APIs to facilitate automation, attack surfaces are […]

March 30, 2023

BreachLock has launched its API Penetration Testing Service, making API security testing more affordable compared to alternative pentesting providers. The company is best known for its human-led, AI-enabled Pen Testing as a Service (PTaaS) solution delivered via its client portal. […]

March 15, 2023

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Unfortunately, because of these attacks’ sophisticated and subtle nature, they can be hard to detect until it’s […]

March 8, 2023

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. Researchers came […]