Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor

News 31 Oct 2023
No patches yet for Apple iLeakage side-channel attack

Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Oct 2023
virtualization-based security (VBS)

Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware. Continue Reading
By
- Rahul Awati
- Colin Steele
Definition 30 Oct 2023
supercookie

A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits. Continue Reading
By
- Rahul Awati
- Madelyn Bacon, TechTarget
Tip 30 Oct 2023
What an email security policy is and how to build one

Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 24 Oct 2023
1Password stops attack linked to Okta breach

1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Oct 2023
Okta customer support system breached via stolen credentials

During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By
- Arielle Waldman, News Writer
Tip 20 Oct 2023
How to work with the new Windows LAPS feature

Microsoft updated this automated method to manage and back up passwords for local administrator accounts on Windows desktop and server systems. See what's new with Windows LAPS. Continue Reading
By
- Brien Posey
News 19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability

While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Oct 2023
Prisma Cloud analytics, automation boost DevSecOps speed

Prisma Cloud's Darwin update looks to address DevSecOps communication and velocity lags with centralized analytics and by ditching tickets for automated pull requests. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)

A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By
- Rahul Awati
Tip 17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges

Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 10 Oct 2023
Microsoft tackles three zero-days for October Patch Tuesday

The company releases fixes for several products affected by the HTTP/2 "Rapid Reset" vulnerability to help curb widespread Distributed Denial-of-Service attacks. Continue Reading
By
- Tom Walat, Site Editor
News 04 Oct 2023
Critical Atlassian Confluence zero-day flaw under attack

Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Oct 2023
Docker Scout GA leads 'local plus cloud' push

Docker Scout replaces open source Docker Scan with an event-driven vulnerability management system in a bid to boost the vendor's value beyond developers' local laptops. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 03 Oct 2023
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers

Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 03 Oct 2023
security posture

Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Linda Rosencrance
News 02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws

The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Sep 2023
How to use Wireshark to sniff and scan network traffic

Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By
- Ed Moyle, Drake Software
News 26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations

According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs

Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 18 Sep 2023
What to consider when creating a SaaS security strategy

Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 14 Sep 2023
CloudBees scales its Jenkins CI, previews SaaS platform

About a year after acquiring ReleaseIQ, CloudBees prepares the fruits of its integration for launch and adds long-awaited scale-out to its commercial version of Jenkins. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 14 Sep 2023
Developer platform Retool breached in vishing attack

A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
By
- Arielle Waldman, News Writer
Feature 14 Sep 2023
Generative AI emerges for DevSecOps, with some qualms

New and developing tools use natural language processing to assist DevSecOps workflows, but concerns linger among developers about security risks as well. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 12 Sep 2023
Microsoft solves two zero-days for September Patch Tuesday

Microsoft addresses 62 vulnerabilities this month, including a Microsoft Word flaw and a Windows bug that have both been exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
Podcast 12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks

Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Sep 2023
Cisco Full-Stack Observability draws on channel clout

Cisco's latest tie-in between app security and observability doesn't break new ground, but the vendor can use its network security cachet and partners to woo enterprise buyers. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft

Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Sep 2023
Okta: 4 customers compromised in social engineering attacks

Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
Podcast 30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms

Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 29 Aug 2023
Microsoft Teams attack exposes collab platform security gaps

Criminal and state-sponsored hackers are ramping up cyberattacks on instant messaging platforms and other workplace collaboration tools. Meanwhile, enterprises' readiness lags. Continue Reading
By
- Shaun Sutner, News Director
News 29 Aug 2023
Mandiant reveals new backdoors used in Barracuda ESG attacks

Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices. Continue Reading
By
- Arielle Waldman, News Writer
Feature 25 Aug 2023
Better API security needed as companies modernize apps

As developers build more complex applications, the widespread use of APIs is creating significant security challenges for organizations, according to a new survey from ESG. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
News 24 Aug 2023
FBI: Suspected Chinese actors continue Barracuda ESG attacks

The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 Aug 2023
BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
By
- Robert Sheldon
- Sharon Shea, Executive Editor
News 22 Aug 2023
Ivanti issues fix for third zero-day flaw exploited in the wild

CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Aug 2023
Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 18 Aug 2023
Electronic Discovery Reference Model (EDRM)

The Electronic Discovery Reference Model (EDRM) is a conceptual framework that outlines activities for the recovery and discovery of digital data. Continue Reading
By
- Rahul Awati
News 17 Aug 2023
CISA, vendors warn Citrix ShareFile flaw under attack

A vulnerability in the managed file transfer product that enterprises use is being actively exploited two months after Citrix released a fix. Continue Reading
By
- Arielle Waldman, News Writer
Definition 11 Aug 2023
message authentication code (MAC)

A message authentication code (MAC) is a cryptographic checksum applied to a message in network communication to guarantee its integrity and authenticity. Continue Reading
By
- Robert Sheldon
News 10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats

Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Aug 2023
Onapsis researchers detail new SAP security threats

At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Aug 2023
Several Exchange Server flaws fixed on August Patch Tuesday

Microsoft addresses 74 vulnerabilities this month with the on-premises email server platform returning to the spotlight with corrections to close six security holes. Continue Reading
By
- Tom Walat, Site Editor
News 09 Aug 2023
Tenable launches LLM-powered ExposureAI product

ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 09 Aug 2023
crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By
- Nick Barney, Technology Writer
- Brien Posey
Tip 08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices

IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By
- Michael Goad, CDW
Definition 08 Aug 2023
Google Play Protect

Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services. Continue Reading
By
- TechTarget Contributor
Definition 01 Aug 2023
Computer Fraud and Abuse Act (CFAA)

The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization. Continue Reading
By
- Robert Sheldon
- Ben Cole, Executive Editor
Definition 28 Jul 2023
national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
By
- Katie Terrell Hanna
Opinion 26 Jul 2023
Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 26 Jul 2023
How to avoid LinkedIn phishing attacks in the enterprise

Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B

With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Jul 2023
5 steps to approach BYOD compliance policies

It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By
- Will Kelly
- Mike Chapple, University of Notre Dame
News 24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack

Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer. Continue Reading
By
- Rob Wright, Senior News Director
Tip 20 Jul 2023
API keys: Weaknesses and security best practices

API keys are not a replacement for API security. They only offer a first step in authentication -- and they require additional security measures to keep them protected. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 20 Jul 2023
Enterprise communication security a growing risk, priority

Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
By
- Craig Stedman, Industry Editor
News 19 Jul 2023
Citrix NetScaler ADC and Gateway flaw exploited in the wild

Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jul 2023
Multiple Adobe ColdFusion flaws exploited in the wild

One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jul 2023
Orca: Google Cloud design flaw enables supply chain attacks

Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jul 2023
XSS zero-day flaw in Zimbra Collaboration Suite under attack

A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jul 2023
Russia-based actor exploited unpatched Office zero day

Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Jul 2023
IaC security scanning tools, features and use cases

Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 11 Jul 2023
Microsoft repairs 5 zero-days for July Patch Tuesday

The company addressed 130 vulnerabilities and provided additional instructions to fully resolve several bugs, which will require extra attention from IT this month. Continue Reading
By
- Tom Walat, Site Editor
Opinion 11 Jul 2023
Top developer relations trends for building stronger teams

Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 10 Jul 2023
TPG Capital acquires Forcepoint's government unit for $2.45B

Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident

The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 29 Jun 2023
AI helps humans speed app modernization, improve security

Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 28 Jun 2023
DDoS attacks surging behind new techniques, geopolitical goals

A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
By
- Arielle Waldman, News Writer
News 27 Jun 2023
Censys finds hundreds of exposed devices in federal orgs

Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Jun 2023
How API gateways improve API security

API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices. Continue Reading
By
- Michael Cobb
News 21 Jun 2023
Critical VMware Aria Operations bug under active exploitation

Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Jun 2023
Implement zero trust to improve API security

Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 20 Jun 2023
Blockchain security: Everything you should know for safe use

Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 20 Jun 2023
Attackers discovering exposed cloud assets within minutes

Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Jun 2023
Microsoft: DDoS attacks caused M365, Azure disruptions

Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 19 Jun 2023
App development trends and their security implications

Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw

CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2023
State governments among victims of MoveIT Transfer breach

The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2023
June Patch Tuesday settles two Exchange Server bugs

Microsoft's plans for upcoming security hardening in Kerberos and Netlogon protocols will have admins busy with testing over the next several weeks. Continue Reading
By
- Tom Walat, Site Editor
News 13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
By
- Rob Wright, Senior News Director
News 13 Jun 2023
Mandiant: New VMware ESXi zero-day used by Chinese APT

VMware said the ESXi flaw was 'low severity' despite being under active exploitation because it requires the attacker to already have gained root access on the target's system. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks

Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Jun 2023
logon (or login)

In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
By
- Robert Sheldon
News 08 Jun 2023
Barracuda: Replace vulnerable ESG devices 'immediately'

Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Continue Reading
By
- Arielle Waldman, News Writer
Tip 07 Jun 2023
6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 01 Jun 2023
Low-code/no-code use cases for security

Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility

The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
By
- Arielle Waldman, News Writer
News 31 May 2023
Barracuda zero-day bug exploited months prior to discovery

Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2023
Many Gigabyte PC models affected by major supply chain issue

Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 25 May 2023
Smart contract benefits and best practices for security

While smart contracts promise enormous benefits in the enterprise, they also present opportunities for cybercriminals. Explore best practices to keep them secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Karen Scarfone, Scarfone Cybersecurity
News 24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances

Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 23 May 2023
How to use Wfuzz to find web application vulnerabilities

By learning how to use Wfuzz for web application fuzz testing, bug bounty hunters can automate vulnerability discovery. Learn more in this excerpt from 'Bug Bounty Bootcamp.' Continue Reading
By
- Alissa Irei, Senior Site Editor
- No Starch Press
Guest Post 22 May 2023
Follow a 6-phase roadmap to secure cyber-physical systems

Cyber-physical systems help bridge the digital world with the physical world, but they introduce cybersecurity risks that must be addressed. Continue Reading
By
- Katell Thielemann
Definition 22 May 2023
API security

Application program interface (API) security refers to policies and procedures that protect APIs against malicious attacks and vulnerabilities. Continue Reading
By
- Kinza Yasar, Technical Writer
Tip 16 May 2023
SBOMs and security: What IT and DevOps need to know

By integrating software bill of materials creation into the software development lifecycle, IT and DevOps teams can build more secure and maintainable applications. Continue Reading
By
- Nihad Hassan
News 15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks

As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
By
- Arielle Waldman, News Writer
Tip 10 May 2023
5 SBOM tools to start securing the software supply chain

Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw

Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
By
- Arielle Waldman, News Writer
News 09 May 2023
Light May Patch Tuesday will weigh heavily on Windows admins

A zero-day that targets the Secure Boot feature will require extensive work from sysadmins to protect Windows systems from the Black Lotus bootkit. Continue Reading
By
- Tom Walat, Site Editor