Application and platform security
Application and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
News
14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive.
By- Arielle Waldman, News Writer
-
News
12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday
The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month.
By- Tom Walat, Site Editor
-
Tip
03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors
ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security.
By- Matthew Smith, Seemless Transition LLC
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software.
By- Arielle Waldman, News Writer
-
Definition
23 May 2024
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons.
By- Alexander Culafi, Senior News Writer
-
Definition
21 May 2024
cloud penetration testing
Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses.
By- Char Sample, ICF International
-
Feature
17 May 2024
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities.
By- Alissa Irei, Senior Site Editor
-
Opinion
16 May 2024
3 reasons Synopsys is selling its app security business
Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry.
By- David Vance
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
14 May 2024
Microsoft handles 2 Windows zero-days on May Patch Tuesday
In addition to the Windows vulnerabilities exploited in the wild, admins should focus on patching multiple flaws in web browsers from Google, Microsoft and Mozilla.
By- Tom Walat, Site Editor
-
News
14 May 2024
Google discloses 2 zero-day vulnerabilities in less than a week
Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available.
By- Arielle Waldman, News Writer
-
Definition
10 May 2024
Patch Tuesday
Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
By- Ben Lutkevich, Site Editor
-
News
09 May 2024
'Secure by design' makes waves at RSA Conference 2024
Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects.
By- Alexander Culafi, Senior News Writer
-
Feature
09 May 2024
TikTok bans explained: Everything you need to know
The United States government takes aim at the viral video sharing application TikTok.
By- Ben Lutkevich, Site Editor
-
Definition
08 May 2024
risk-based patch management (RBPM)
Risk-based patch management (RBPM) is an approach to implementing patches to fix software code that prioritizes patches that address security issues posing the highest risk to the organization.
-
Definition
06 May 2024
risk-based vulnerability management (RBVM)
Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.
-
News
03 May 2024
Cloud campaign intensifies for Atlassian software products
Atlassian plans to continue updating Data Center products, but accelerating cloud updates and migrations touted at Team '24 prompt questions about their long-term future.
By- Beth Pariseau, Senior News Writer
-
Tip
03 May 2024
How remote work is changing patch management
The work-from-home revolution is putting new demands on remote patch management. Here's how to tackle the challenges and make sure your remote workforce is protected.
By- Andrew Froehlich, West Gate Networks
-
News
01 May 2024
Verizon DBIR: Vulnerability exploitation in breaches up 180%
Verizon said it examined approximately twice as many breaches for the 2024 Data Breach Investigations Report -- 10,626 out of 30,458 total tracked incidents.
By- Alexander Culafi, Senior News Writer
-
Tip
29 Apr 2024
Navigating cloud patch management: Benefits, best practices
Bad actors use malicious code to exploit vulnerabilities, targeting on-demand systems and applications. Having an efficient mechanism to deploy patches in the cloud is critical.
By- Amy Larsen DeCarlo, GlobalData
-
News
24 Apr 2024
GitHub vulnerability leaks sensitive security reports
The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix.
By- Arielle Waldman, News Writer
-
Tip
22 Apr 2024
AI, toll fraud and messaging top the list of UC security concerns
AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their unified communications platforms.
By- Irwin Lazar, Metrigy Research
-
Tip
19 Apr 2024
Automated patch management: 9 best practices for success
Automating the patching process is almost a necessity, especially in large organizations. Here's why, plus pros and cons, tips and best practices for keeping systems up to date.
-
News
18 Apr 2024
GitLab Duo plans harness growing interest in platform AI
GitLab's next release will tie its Duo AI tools to the full DevSecOps pipeline in a bid to capitalize on increased interest in AI automation among platform engineers.
By- Beth Pariseau, Senior News Writer
-
News
18 Apr 2024
CrowdStrike extends cloud security to Mission Cloud customers
CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform.
By- Alexander Culafi, Senior News Writer
-
News
17 Apr 2024
DHS funding breathes fresh life into SBOMs
Protobom, now an OpenSSF sandbox project, is the first of multiple software supply chain security efforts funded under the Silicon Valley Innovation Program.
By- Beth Pariseau, Senior News Writer
-
Tip
16 Apr 2024
How to conduct security patch validation and verification
Learn about the validation and verification phases of the security patch deployment cycle, two key steps to ensuring an organization's patch management procedure is proactive.
By- Michael Cobb, Felicia Nicastro
-
Tip
15 Apr 2024
Key software patch testing best practices
Every company has to update and patch its software, but without careful testing, serious problems can occur. Here's how to make sure you're following the right steps.
-
News
12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails
CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise.
By- Alexander Culafi, Senior News Writer
-
News
10 Apr 2024
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code.
By- Arielle Waldman, News Writer
-
Opinion
10 Apr 2024
Identity, data security expectations for RSA Conference 2024
Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM.
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
-
News
09 Apr 2024
Microsoft corks Windows zero-day on April Patch Tuesday
The company delivered one of its largest security update releases in recent years with a proxy driver spoofing vulnerability topping the patching priority list.
By- Tom Walat, Site Editor
-
News
09 Apr 2024
Unit 42: Malware-initiated scanning attacks on the rise
Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems.
By- Alexander Culafi, Senior News Writer
-
Feature
09 Apr 2024
Why the Keitaro TDS keeps causing security headaches
Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains.
By- Rob Wright, Senior News Director
-
News
04 Apr 2024
Infosec professionals praise CSRB report on Microsoft breach
Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant.
By- Alexander Culafi, Senior News Writer
-
Tip
04 Apr 2024
10 enterprise patch management best practices
It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process.
By- Andrew Froehlich, West Gate Networks
-
Feature
04 Apr 2024
The ultimate guide to mobile device security in the workplace
Mobile devices provide connectivity for employees to access business data and communicate with colleagues, but these unique benefits come with specific security challenges for IT.
By- John Powers, Senior Site Editor
-
News
03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures
The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year.
By- Alexander Culafi, Senior News Writer
-
News
02 Apr 2024
GitHub Actions-hosted runners tie in Azure private networks
Private network support is also planned for AWS and Google Cloud Platform, but industry watchers see a power play for Microsoft Azure in GitHub Actions updates this week.
By- Beth Pariseau, Senior News Writer
-
News
01 Apr 2024
XZ backdoor discovery reveals Linux supply chain attack
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years.
By- Rob Wright, Senior News Director
- Alexander Culafi, Senior News Writer
-
News
29 Mar 2024
Typosquatting campaign, malicious packages slam PyPI
Threat actors used automated typosquatting attacks to lead victims to malicious Python packages in yet another campaign targeting the open-source software supply chain.
By- Alexander Culafi, Senior News Writer
-
Tip
27 Mar 2024
See what's coming in Windows Server 2025
Microsoft plans several changes to the upcoming version of Windows Server that promise more financial flexibility and boosts in security and workload performance.
-
Opinion
27 Mar 2024
Cybersecurity highlights from KubeCon + CloudNativeCon Europe
New AI features took the spotlight at the conference, but security teams must prepare to support AI use with the right policies, controls and access.
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
-
News
26 Mar 2024
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks.
By- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
-
News
22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems.
By- Rob Wright, Senior News Director
-
Tutorial
22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help
Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps.
By- Ed Moyle, Drake Software
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments.
-
News
18 Mar 2024
Cisco lays out security, observability plans for Splunk
Cisco disclosed broad integration plans for its $28 billion acquisition of Splunk, now officially closed, that will encompass AI, security, observability and networking.
By- Beth Pariseau, Senior News Writer
-
News
18 Mar 2024
GitOps users warned to patch 3 new Argo CD CVEs
Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk.
By- Beth Pariseau, Senior News Writer
-
News
15 Mar 2024
CISA software supply chain security form omits SBOMs
Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs' spotlight is fading and big risks remain, experts said.
By- Beth Pariseau, Senior News Writer
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities.
By- Arielle Waldman, News Writer
-
News
12 Mar 2024
March Patch Tuesday fixes critical Hyper-V vulnerabilities
Microsoft also corrects a remote code execution flaw on Exchange Server and issues an advisory related to changes with an outdated file-scanning feature on the messaging platform.
By- Tom Walat, Site Editor
-
News
12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws
Coalition is the latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks.
By- Arielle Waldman, News Writer
-
Tip
11 Mar 2024
5 PaaS security best practices to safeguard the app layer
Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario.
By- Ed Moyle, Drake Software
-
Tip
08 Mar 2024
How to create a local admin account with Microsoft Intune
Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune.
-
Feature
08 Mar 2024
GenAI risks, rewards arise for DevOps and platform engineers
From chatbots that alleviate pressure on IT help desks to full-fledged LLMOps, DevOps and platform teams are at the forefront of enterprise generative AI adoption.
By- Beth Pariseau, Senior News Writer
-
News
06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year.
By- Alexander Culafi, Senior News Writer
-
News
28 Feb 2024
New Nvidia, GitHub AI coding assistants expand devs' options
GitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants. But caution, especially with security, is still warranted.
By- Beth Pariseau, Senior News Writer
-
News
27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities.
By- Arielle Waldman, News Writer
-
News
23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code
Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase.
By- Rob Wright, Senior News Director
-
News
22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit.
By- Alexander Culafi, Senior News Writer
-
News
21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage
Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks.
By- Alexander Culafi, Senior News Writer
-
Definition
15 Feb 2024
firewall as a service (FWaaS)
Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program.
By- Paul Kirvan
- Mike Chapple, University of Notre Dame
-
News
15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life.
By- Alexander Culafi, Senior News Writer
-
News
14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks.
By- Arielle Waldman, News Writer
-
News
13 Feb 2024
February Patch Tuesday corrects two Windows zero-days
Administrators should focus on quickly deploying the fix for a critical vulnerability in Microsoft Outlook and exercising caution when applying an Exchange Server 2019 cumulative update.
By- Tom Walat, Site Editor
-
Definition
12 Feb 2024
crisis management plan (CMP)
A crisis management plan (CMP) outlines how an organization should respond to a critical situation that, if left unaddressed, could negatively affect its profitability, reputation or ability to operate.
By- Rahul Awati
- Nick Barney, Technology Writer
- Paul Crocetti, Executive Editor
-
News
07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years
A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets.
By- Arielle Waldman, News Writer
-
Tip
31 Jan 2024
Top 15 email security best practices for 2024
Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices.
By- Sharon Shea, Executive Editor
- Peter Loshin, Former Senior Technology Editor
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
By- Karen Scarfone, Scarfone Cybersecurity
-
News
19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021.
By- Arielle Waldman, News Writer
-
News
18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023
During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue.
By- Arielle Waldman, News Writer
-
News
17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack
The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products.
By- Rob Wright, Senior News Director
-
News
16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation
Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far.
By- Arielle Waldman, News Writer
-
News
11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack
Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution.
By- Arielle Waldman, News Writer
-
News
09 Jan 2024
Microsoft starts year with a subdued January Patch Tuesday
For the second month in a row, Microsoft had no zero-days and relatively few vulnerabilities for administrators to address.
By- Tom Walat, Site Editor
-
Definition
09 Jan 2024
sandbox
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.
-
News
27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild
On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability.
By- Arielle Waldman, News Writer
-
News
21 Dec 2023
Cisco Security Cloud adds Isovalent for multi-cloud networks
The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security.
By- Beth Pariseau, Senior News Writer
-
Tip
21 Dec 2023
Web fuzzing: Everything you need to know
Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps before attackers do.
-
Definition
21 Dec 2023
Zoombombing
Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app.
-
News
18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook
During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit.
By- Arielle Waldman, News Writer
-
Definition
15 Dec 2023
business logic
In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled.
-
News
12 Dec 2023
Microsoft delivers light December Patch Tuesday for admins
IT operations teams should prioritize deploying the Windows cumulative update to dispatch a critical MSHTML bug affecting Microsoft Outlook.
By- Tom Walat, Site Editor
-
Opinion
12 Dec 2023
Application security consolidation remains nuanced
As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain.
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
-
News
05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models
Lasso Security discovered that more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large language models contained in hundreds of repositories.
By- Rob Wright, Senior News Director
-
News
04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw
Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts.
By- Arielle Waldman, News Writer
-
News
30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites
Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action.
By- Rob Wright, Senior News Director
-
News
29 Nov 2023
Okta: Support system breach affected all customers
Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year.
By- Arielle Waldman, News Writer
-
Opinion
20 Nov 2023
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible.
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best.
By- Ravi Das, ML Tech Inc.
-
News
14 Nov 2023
Microsoft halts 3 zero-days on November Patch Tuesday
Microsoft addresses 67 vulnerabilities, including six critical, and shuts down four bugs in the Exchange Server email platform this month.
By- Tom Walat, Site Editor
-
News
14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw
Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys.
By- Arielle Waldman, News Writer
-
News
09 Nov 2023
Generative AI brings changes to cloud-native platforms
Generative AI took over tech in 2023, and cloud-native platforms are no exception. The need to support LLMs is already affecting CNCF projects, including Kubernetes.
By- Beth Pariseau, Senior News Writer
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks.
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Atlassian Confluence vulnerability under widespread attack
Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed.
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Intel exec affixes OpenSSF, CNCF open source security efforts
Intel's Arun Gupta, now governing board chair of both the CNCF and OpenSSF, discusses his plans to bring all three organizations together to improve open source security.
By- Beth Pariseau, Senior News Writer
-
News
07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws
Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant.
By- Alexander Culafi, Senior News Writer
-
Definition
06 Nov 2023
multisig (multisignature)
Multisig, also called multisignature, is the requirement for a transaction to have two or more signatures before it can be executed.
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks.
By- Arielle Waldman, News Writer
-
News
02 Nov 2023
Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type
Microsoft published patches to address all 117 Microsoft 365 Apps flaws disclosed Tuesday, and the tech giant has disabled support for SketchUp, or SKP, 3D model files.
By- Alexander Culafi, Senior News Writer
-
Definition
01 Nov 2023
authentication
Authentication is the process of determining whether someone or something is who or what they say they are.
By- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance