Category: Application security

September 13, 2023

SCYTHE has unveiled its latest version of the SCYTHE Core platform, introducing a number of new features designed to provide essential insight into the exploitability, impact, and prioritization of threats. SCYTHE 4.0 introduces dual-deployment options, supporting agentless and agent-based configurations. […]

September 12, 2023

CTERA unveiled CTERA Vault, Write Once, Read Many (WORM) protection technology which provides regulatory compliant storage for the CTERA Enterprise Files Services Platform. CTERA Vault aids enterprises in guaranteeing the preservation and tamperproofing of their data, while also ensuring compliance […]

September 12, 2023

Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001. […]

September 11, 2023

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security […]

August 28, 2023

Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing […]

August 21, 2023

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of […]

August 18, 2023

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release […]

August 4, 2023

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. “In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted […]

August 4, 2023

When Fortanix launched in 2016, the company made a decision: It would commit to the one-year-old Rust’s programming language to benefit from its security strengths and performance. Seven years later, Fortanix’s commitment to Rust has proved to be a success. […]

July 28, 2023

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific […]

July 28, 2023

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. […]

July 24, 2023

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the […]

July 20, 2023

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into […]

July 17, 2023

A human rights organization was alerted by Microsoft that it was compromised as part of a July email breach attributed to Storm-0558, but the organization couldn’t find any evidence of compromise in their logs. Why? It didn’t pay Microsoft a […]

July 11, 2023

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors […]

July 10, 2023

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much […]

July 10, 2023

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. “We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run […]

July 5, 2023

The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s […]

June 30, 2023

Nokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain. […]

June 30, 2023

Total Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent […]