Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Tip 16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC

DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
By
- Colin Domoney
News 12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack

The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By
- Arielle Waldman, News Writer

Tip 02 Jul 2024
How to secure Azure Functions with Entra ID

Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure Functions with Entra ID to optimize data security? Continue Reading
By
- Liam Cleary, SharePlicity
News 27 Jun 2024
New Relic CEO sets observability strategy for the AI age

Former Proofpoint CEO sets an AI-focused agenda, including an Nvidia partnership launched this week, while denying layoff rumors and speculation about a merger with Sumo Logic. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Jun 2024
Supply chain attacks conducted through Polyfill.io service

In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jun 2024
Datadog DASH updates push into fresh IT automation turf

A series of product updates at Datadog DASH broke out of the vendor's usual observability domain and into territory held by Atlassian, PagerDuty and others. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama

Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jun 2024
JFrog buy bolsters MLOps combo with DevSecOps

JFrog plans to meld AI/ML development with established DevSecOps pipelines through the acquisition of Qwak in a bid to help more enterprise AI apps reach production. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 19 Jun 2024
SUSE Rancher gears up amid VMware-Broadcom 'feeding frenzy'

SUSE Rancher bolsters its bid to capture users dissatisfied with Broadcom's changes to VMware with the acquisition of StackState and other updates to its Prime package. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 18 Jun 2024
Risk & Repeat: Microsoft under fire again over Recall

Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jun 2024
EPAM denies link to Snowflake customer attacks

EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases. Continue Reading
By
- Arielle Waldman, News Writer
Feature 17 Jun 2024
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types

Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes

In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2024
Congress grills Microsoft president over security failures

Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Jun 2024
Microsoft's Recall changes might be too little, too late

Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs

Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By
- Tim McCarthy, News Writer
News 11 Jun 2024
Microsoft delivers 51 fixes for June Patch Tuesday

A critical remote-code execution flaw in Windows and a DoS vulnerability affecting DNS in Windows Server top the list of patching priorities for admins. Continue Reading
By
- Tom Walat, Site Editor
Tip 10 Jun 2024
8 SaaS security best practices for 2024

SaaS has become ubiquitous. To secure it, take steps to inventory SaaS usage, securely authenticate usage, encrypt data, adopt single sign-on and more. Continue Reading
By
- Ed Moyle, Drake Software
Tip 07 Jun 2024
How to conduct an API risk assessment and improve security

APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
By
- Paul Kirvan
Definition 05 Jun 2024
SUSE Linux Enterprise Server (SLES)

SUSE Linux Enterprise Server (SLES) is a Linux-based server operating system created and maintained by the German-based organization, SUSE. Continue Reading
By
- Gavin Wright
- Tim Culverhouse, Site Editor
News 03 Jun 2024
Hugging Face tokens exposed, attack scope unknown

After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By
- Arielle Waldman, News Writer
Tip 03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors

ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
News 28 May 2024
How AI could bolster software supply chain security

Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 May 2024
virtual firewall

A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
News 22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'

Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 21 May 2024
cloud penetration testing

Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses. Continue Reading
By
- Char Sample, ICF International
Feature 17 May 2024
How AI-driven patching could transform cybersecurity

At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
By
- Alissa Irei, Senior Site Editor
Opinion 16 May 2024
3 reasons Synopsys is selling its app security business

Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry. Continue Reading
By
- David Vance
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 14 May 2024
Microsoft handles 2 Windows zero-days on May Patch Tuesday

In addition to the Windows vulnerabilities exploited in the wild, admins should focus on patching multiple flaws in web browsers from Google, Microsoft and Mozilla. Continue Reading
By
- Tom Walat, Site Editor
News 14 May 2024
Google discloses 2 zero-day vulnerabilities in less than a week

Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available. Continue Reading
By
- Arielle Waldman, News Writer
Definition 10 May 2024
Patch Tuesday

Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software. Continue Reading
By
- Ben Lutkevich, Site Editor
News 09 May 2024
'Secure by design' makes waves at RSA Conference 2024

Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 09 May 2024
TikTok bans explained: Everything you need to know

The United States government takes aim at the viral video sharing application TikTok. Continue Reading
By
- Ben Lutkevich, Site Editor
Definition 08 May 2024
risk-based patch management (RBPM)

Risk-based patch management (RBPM) is an approach to implementing patches to fix software code that prioritizes patches that address security issues posing the highest risk to the organization. Continue Reading
By
- Mary K. Pratt
Definition 06 May 2024
risk-based vulnerability management (RBVM)

Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk. Continue Reading
By
- Mary K. Pratt
News 03 May 2024
Cloud campaign intensifies for Atlassian software products

Atlassian plans to continue updating Data Center products, but accelerating cloud updates and migrations touted at Team '24 prompt questions about their long-term future. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 03 May 2024
How remote work is changing patch management

The work-from-home revolution is putting new demands on remote patch management. Here's how to tackle the challenges and make sure your remote workforce is protected. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 01 May 2024
Verizon DBIR: Vulnerability exploitation in breaches up 180%

Verizon said it examined approximately twice as many breaches for the 2024 Data Breach Investigations Report -- 10,626 out of 30,458 total tracked incidents. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 29 Apr 2024
Navigating cloud patch management: Benefits, best practices

Bad actors use malicious code to exploit vulnerabilities, targeting on-demand systems and applications. Having an efficient mechanism to deploy patches in the cloud is critical. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 24 Apr 2024
GitHub vulnerability leaks sensitive security reports

The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
By
- Arielle Waldman, News Writer
Tip 22 Apr 2024
AI, toll fraud and messaging top the list of UC security concerns

AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their unified communications platforms. Continue Reading
By
- Irwin Lazar, Metrigy Research
Tip 19 Apr 2024
Automated patch management: 9 best practices for success

Automating the patching process is almost a necessity, especially in large organizations. Here's why, plus pros and cons, tips and best practices for keeping systems up to date. Continue Reading
By
- Andy Patrizio
News 18 Apr 2024
GitLab Duo plans harness growing interest in platform AI

GitLab's next release will tie its Duo AI tools to the full DevSecOps pipeline in a bid to capitalize on increased interest in AI automation among platform engineers. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Apr 2024
CrowdStrike extends cloud security to Mission Cloud customers

CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Apr 2024
DHS funding breathes fresh life into SBOMs

Protobom, now an OpenSSF sandbox project, is the first of multiple software supply chain security efforts funded under the Silicon Valley Innovation Program. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 16 Apr 2024
How to conduct security patch validation and verification

Learn about the validation and verification phases of the security patch deployment cycle, two key steps to ensuring an organization's patch management procedure is proactive. Continue Reading
By
- Michael Cobb, Felicia Nicastro
Tip 15 Apr 2024
Key software patch testing best practices

Every company has to update and patch its software, but without careful testing, serious problems can occur. Here's how to make sure you're following the right steps. Continue Reading
By
- Michael Cobb
News 12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails

CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Apr 2024
Supply chain attack abuses GitHub features to spread malware

Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 10 Apr 2024
Identity, data security expectations for RSA Conference 2024

Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Apr 2024
Microsoft corks Windows zero-day on April Patch Tuesday

The company delivered one of its largest security update releases in recent years with a proxy driver spoofing vulnerability topping the patching priority list. Continue Reading
By
- Tom Walat, Site Editor
News 09 Apr 2024
Unit 42: Malware-initiated scanning attacks on the rise

Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 09 Apr 2024
Why the Keitaro TDS keeps causing security headaches

Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
By
- Rob Wright, Senior News Director
News 04 Apr 2024
Infosec professionals praise CSRB report on Microsoft breach

Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 04 Apr 2024
10 enterprise patch management best practices

It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 04 Apr 2024
The ultimate guide to mobile device security in the workplace

Mobile devices provide connectivity for employees to access business data and communicate with colleagues, but these unique benefits come with specific security challenges for IT. Continue Reading
By
- John Powers, Senior Site Editor
News 03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures

The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Apr 2024
GitHub Actions-hosted runners tie in Azure private networks

Private network support is also planned for AWS and Google Cloud Platform, but industry watchers see a power play for Microsoft Azure in GitHub Actions updates this week. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 01 Apr 2024
XZ backdoor discovery reveals Linux supply chain attack

A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years. Continue Reading
By
- Rob Wright, Senior News Director
- Alexander Culafi, Senior News Writer
News 29 Mar 2024
Typosquatting campaign, malicious packages slam PyPI

Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 27 Mar 2024
See what's coming in Windows Server 2025

Microsoft plans several changes to the upcoming version of Windows Server that promise more financial flexibility and boosts in security and workload performance. Continue Reading
By
- Brien Posey
Opinion 27 Mar 2024
Cybersecurity highlights from KubeCon + CloudNativeCon Europe

New AI features took the spotlight at the conference, but security teams must prepare to support AI use with the right policies, controls and access. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 26 Mar 2024
Top.gg supply chain attack highlights subtle risks

Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
News 22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips

Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
By
- Rob Wright, Senior News Director
Tutorial 22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help

Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
By
- Ed Moyle, Drake Software
Tip 21 Mar 2024
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
News 18 Mar 2024
Cisco lays out security, observability plans for Splunk

Cisco disclosed broad integration plans for its $28 billion acquisition of Splunk, now officially closed, that will encompass AI, security, observability and networking. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Mar 2024
GitOps users warned to patch 3 new Argo CD CVEs

Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 15 Mar 2024
CISA software supply chain security form omits SBOMs

Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs' spotlight is fading and big risks remain, experts said. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies

In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Mar 2024
March Patch Tuesday fixes critical Hyper-V vulnerabilities

Microsoft also corrects a remote code execution flaw on Exchange Server and issues an advisory related to changes with an outdated file-scanning feature on the messaging platform. Continue Reading
By
- Tom Walat, Site Editor
News 12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws

Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Mar 2024
5 PaaS security best practices to safeguard the app layer

Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
By
- Ed Moyle, Drake Software
Tip 08 Mar 2024
How to create a local admin account with Microsoft Intune

Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By
- Brien Posey
Feature 08 Mar 2024
GenAI risks, rewards arise for DevOps and platform engineers

From chatbots that alleviate pressure on IT help desks to full-fledged LLMOps, DevOps and platform teams are at the forefront of enterprise generative AI adoption. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities

CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Feb 2024
New Nvidia, GitHub AI coding assistants expand devs' options

GitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants. But caution, especially with security, is still warranted. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws

Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code

Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
By
- Rob Wright, Senior News Director
News 22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage

Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Feb 2024
firewall as a service (FWaaS)

Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By
- Paul Kirvan
- Mike Chapple, University of Notre Dame
News 15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues

In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Feb 2024
February Patch Tuesday corrects two Windows zero-days

Administrators should focus on quickly deploying a critical vulnerability in Microsoft Outlook and exercising caution when applying an Exchange Server 2019 cumulative update. Continue Reading
By
- Tom Walat, Site Editor
Definition 12 Feb 2024
crisis management plan (CMP)

A crisis management plan (CMP) outlines how an organization should respond to a critical situation that if left unaddressed, could negatively affect its profitability, reputation or ability to operate. Continue Reading
By
- Rahul Awati
- Nick Barney, Technology Writer
- Paul Crocetti, Executive Editor
News 07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years

A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By
- Arielle Waldman, News Writer
Tip 31 Jan 2024
Top 15 email security best practices for 2024

Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
By
- Sharon Shea, Executive Editor
- Peter Loshin, Former Senior Technology Editor
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021

After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack

The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
By
- Rob Wright, Senior News Director
News 16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation

Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack

Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jan 2024
Microsoft starts year with a subdued January Patch Tuesday

For the second month in a row, Microsoft had no zero-days and relatively few vulnerabilities for administrators to address. Continue Reading
By
- Tom Walat, Site Editor
Definition 09 Jan 2024
sandbox

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
By
- TechTarget Contributor
News 27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild

On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Dec 2023
Cisco Security Cloud adds Isovalent for multi-cloud networks

The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 21 Dec 2023
Web fuzzing: Everything you need to know

Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps before attackers do. Continue Reading
By
- Rob Shapland
Definition 21 Dec 2023
Zoombombing

Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app. Continue Reading
By
- Corinne Bernstein
News 18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook

During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Dec 2023
business logic

In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled. Continue Reading
By
- Robert Sheldon
- Ivy Wigmore