Category: Application security


Application security, Security

SCYTHE 4.0 empowers team collaboration in real-world adversarial campaigns

September 13, 2023

Via: Help Net Security

SCYTHE has unveiled its latest version of the SCYTHE Core platform, introducing a number of new features designed to provide essential insight into the exploitability, impact, and prioritization of threats. SCYTHE 4.0 introduces dual-deployment options, supporting agentless and agent-based configurations. […]


Application security, Security

CTERA Vault safeguards against risks related to data tampering

September 12, 2023

Via: Help Net Security

CTERA unveiled CTERA Vault, a Write Once, Read Many (WORM) protection technology that provides regulatory-compliant storage for the CTERA Enterprise Files Services Platform. CTERA Vault aids enterprises in guaranteeing the preservation and tamperproofing of their data, while also ensuring compliance […]


Application security, Security

Wing and Drata join forces to ensure a way to keep SaaS compliant

September 12, 2023

Via: Help Net Security

Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001. […]


Application security, Security

Elevating API security to reinforce cyber defense

September 11, 2023

Via: Help Net Security

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security […]


Application security, Security

Cyberattacks Targeting E-commerce Applications

August 28, 2023

Via: The Hacker News

Cyber attacks on e-commerce applications are a common trend in 2023. As e-commerce businesses become more omnichannel, they build and deploy an increasing number of API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing […]


Application security, Security

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

August 21, 2023

Via: The Hacker News

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of […]


Application security, Security

Google Chrome’s New Feature Alerts Users About Auto-Removal of Malicious Extensions

August 18, 2023

Via: The Hacker News

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release […]


Application security, Security

Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities

August 4, 2023

Via: The Hacker News

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. “In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted […]


Application security, Security

Google, Microsoft Take Refuge in Rust Language’s Better Security

August 4, 2023

Via: Dark Reading

When Fortanix launched in 2016, the company made a decision: It would commit to the one-year-old Rust programming language to benefit from its security strengths and performance. Seven years later, Fortanix’s commitment to Rust has proved to be a success. […]


Application security, Security

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

July 28, 2023

Via: The Hacker News

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific […]


Application security, Security

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

July 28, 2023

Via: The Hacker News

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. […]


Application security, Security

How to Protect Patients and Their Privacy in Your SaaS Apps

July 24, 2023

Via: The Hacker News

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the […]


Application security, Security

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

July 20, 2023

Via: The Hacker News

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into […]


Application security, Security

Microsoft ‘Logging Tax’ Hinders Incident Response, Experts Warn

July 17, 2023

Via: Dark Reading

A human rights organization was alerted by Microsoft that it was compromised as part of a July email breach attributed to Storm-0558, but the organization couldn’t find any evidence of compromise in their logs. Why? It didn’t pay Microsoft a […]


Application security, Security

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

July 11, 2023

Via: The Hacker News

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors […]


Application security, Security

Global Retailers Must Keep an Eye on Their SaaS Stack

July 10, 2023

Via: The Hacker News

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much […]


Application security, Security

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

July 10, 2023

Via: The Hacker News

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. “We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run […]


Application security, Security

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

July 5, 2023

Via: The Hacker News

The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s […]


Application security, Security

Nokod Security raises $8 million to enhance low-code/no-code app security

June 30, 2023

Via: Help Net Security

Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain. […]


Application security, Security

Total Assure launches to provide SMBs with managed security services

June 30, 2023

Via: Help Net Security

Total Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent […]