Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Tip
16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC
DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
-
News
12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Dec 2023
Microsoft delivers light December Patch Tuesday for admins
IT operations teams should prioritize deploying the Windows cumulative update to dispatch a critical MSHTML bug affecting Microsoft Outlook. Continue Reading
By- Tom Walat, Site Editor
-
Opinion
12 Dec 2023
Application security consolidation remains nuanced
As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models
Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By- Rob Wright, Senior News Director
-
News
04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw
Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
By- Arielle Waldman, News Writer
-
News
30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites
Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
By- Rob Wright, Senior News Director
-
News
29 Nov 2023
Okta: Support system breach affected all customers
Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
20 Nov 2023
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
14 Nov 2023
Microsoft halts 3 zero-days on November Patch Tuesday
Microsoft addresses 67 vulnerabilities, including six critical, and shuts down four bugs in the Exchange Server email platform this month. Continue Reading
By- Tom Walat, Site Editor
-
News
14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw
Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Nov 2023
Generative AI brings changes to cloud-native platforms
Generative AI took over tech in 2023, and cloud-native platforms are no exception. The need to support LLMs is already affecting CNCF projects, including Kubernetes. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Atlassian Confluence vulnerability under widespread attack
Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Intel exec affixes OpenSSF, CNCF open source security efforts
Intel's Arun Gupta, now governing board chair of both the CNCF and OpenSSF, discusses his plans to bring all three organizations together to improve open source security. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws
Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
06 Nov 2023
multisig (multisignature)
Multisig, also called multisignature, is the requirement for a transaction to have two or more signatures before it can be executed. Continue Reading
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
By- Arielle Waldman, News Writer
-
News
02 Nov 2023
Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type
Microsoft published patches to address all 117 Microsoft 365 Apps flaws disclosed Tuesday, and the tech giant has disabled support for SketchUp, or SKP, 3D model files. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
01 Nov 2023
authentication
Authentication is the process of determining whether someone or something is who or what they say they are. Continue Reading
By- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
-
News
31 Oct 2023
No patches yet for Apple iLeakage side-channel attack
Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
31 Oct 2023
virtualization-based security (VBS)
Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware. Continue Reading
-
Definition
30 Oct 2023
supercookie
A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits. Continue Reading
By- Rahul Awati
- Madelyn Bacon, TechTarget
-
Tip
30 Oct 2023
What an email security policy is and how to build one
Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
24 Oct 2023
1Password stops attack linked to Okta breach
1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Oct 2023
Okta customer support system breached via stolen credentials
During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
20 Oct 2023
How to work with the new Windows LAPS feature
Microsoft updated this automated method to manage and back up passwords for local administrator accounts on Windows desktop and server systems. See what's new with Windows LAPS. Continue Reading
By -
News
19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Oct 2023
Prisma Cloud analytics, automation boost DevSecOps speed
Prisma Cloud's Darwin update looks to address DevSecOps communication and velocity lags with centralized analytics and by ditching tickets for automated pull requests. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)
A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By -
Tip
17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
10 Oct 2023
Microsoft tackles three zero-days for October Patch Tuesday
The company releases fixes for several products affected by the HTTP/2 "Rapid Reset" vulnerability to help curb widespread Distributed Denial-of-Service attacks. Continue Reading
By- Tom Walat, Site Editor
-
News
04 Oct 2023
Critical Atlassian Confluence zero-day flaw under attack
Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Oct 2023
Docker Scout GA leads 'local plus cloud' push
Docker Scout replaces open source Docker Scan with an event-driven vulnerability management system in a bid to boost the vendor's value beyond developers' local laptops. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
03 Oct 2023
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers
Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
03 Oct 2023
security posture
Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Linda Rosencrance
-
News
02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws
The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Sep 2023
How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By- Ed Moyle, Drake Software
-
News
26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations
According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs
Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
18 Sep 2023
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
14 Sep 2023
CloudBees scales its Jenkins CI, previews SaaS platform
About a year after acquiring ReleaseIQ, CloudBees prepares the fruits of its integration for launch and adds long-awaited scale-out to its commercial version of Jenkins. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
14 Sep 2023
Developer platform Retool breached in vishing attack
A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
14 Sep 2023
Generative AI emerges for DevSecOps, with some qualms
New and developing tools use natural language processing to assist DevSecOps workflows, but concerns linger among developers about security risks as well. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
12 Sep 2023
Microsoft solves two zero-days for September Patch Tuesday
Microsoft addresses 62 vulnerabilities this month, including a Microsoft Word flaw and a Windows bug that have both been exploited in the wild. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Sep 2023
Cisco Full-Stack Observability draws on channel clout
Cisco's latest tie-in between app security and observability doesn't break new ground, but the vendor can use its network security cachet and partners to woo enterprise buyers. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Sep 2023
Okta: 4 customers compromised in social engineering attacks
Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
By- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
-
Podcast
30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
29 Aug 2023
Microsoft Teams attack exposes collab platform security gaps
Criminal and state-sponsored hackers are ramping up cyberattacks on instant messaging platforms and other workplace collaboration tools. Meanwhile, enterprises' readiness lags. Continue Reading
By- Shaun Sutner, News Director
-
News
29 Aug 2023
Mandiant reveals new backdoors used in Barracuda ESG attacks
Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
25 Aug 2023
Better API security needed as companies modernize apps
As developers build more complex applications, the widespread use of APIs is creating significant security challenges for organizations, according to a new survey from ESG. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
-
News
24 Aug 2023
FBI: Suspected Chinese actors continue Barracuda ESG attacks
The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
23 Aug 2023
BYOI (bring your own identity)
BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
By- Robert Sheldon
- Sharon Shea, Executive Editor
-
News
22 Aug 2023
Ivanti issues fix for third zero-day flaw exploited in the wild
CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Aug 2023
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Aug 2023
Electronic Discovery Reference Model (EDRM)
The Electronic Discovery Reference Model (EDRM) is a conceptual framework that outlines activities for the recovery and discovery of digital data. Continue Reading
By -
News
17 Aug 2023
CISA, vendors warn Citrix ShareFile flaw under attack
A vulnerability in the managed file transfer product that enterprises use is being actively exploited two months after Citrix released a fix. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
11 Aug 2023
message authentication code (MAC)
A message authentication code (MAC) is a cryptographic checksum applied to a message in network communication to guarantee its integrity and authenticity. Continue Reading
-
News
10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats
Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Aug 2023
Onapsis researchers detail new SAP security threats
At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Aug 2023
Several Exchange Server flaws fixed on August Patch Tuesday
Microsoft addresses 74 vulnerabilities this month with the on-premises email server platform returning to the spotlight with corrections to close six security holes. Continue Reading
By- Tom Walat, Site Editor
-
News
09 Aug 2023
Tenable launches LLM-powered ExposureAI product
ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
09 Aug 2023
crisis management
Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By- Nick Barney, Technology Writer
- Brien Posey
-
Tip
08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices
IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By- Michael Goad, CDW
-
Definition
08 Aug 2023
Google Play Protect
Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services. Continue Reading
-
Definition
01 Aug 2023
Computer Fraud and Abuse Act (CFAA)
The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization. Continue Reading
By- Robert Sheldon
- Ben Cole, Executive Editor
-
Definition
28 Jul 2023
national identity card
A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
-
Opinion
26 Jul 2023
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
26 Jul 2023
How to avoid LinkedIn phishing attacks in the enterprise
Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B
With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
25 Jul 2023
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By- Will Kelly
- Mike Chapple, University of Notre Dame
-
News
24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack
Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
20 Jul 2023
API keys: Weaknesses and security best practices
API keys are not a replacement for API security. They only offer a first step in authentication -- and they require additional security measures to keep them protected. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Feature
20 Jul 2023
Enterprise communication security a growing risk, priority
Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
By- Craig Stedman, Industry Editor
-
News
19 Jul 2023
Citrix NetScaler ADC and Gateway flaw exploited in the wild
Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Jul 2023
Multiple Adobe ColdFusion flaws exploited in the wild
One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Jul 2023
Orca: Google Cloud design flaw enables supply chain attacks
Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jul 2023
XSS zero-day flaw in Zimbra Collaboration Suite under attack
A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Jul 2023
Russia-based actor exploited unpatched Office zero day
Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
12 Jul 2023
IaC security scanning tools, features and use cases
Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
11 Jul 2023
Microsoft repairs 5 zero-days for July Patch Tuesday
The company addressed 130 vulnerabilities and provided additional instructions to fully resolve several bugs, which will require extra attention from IT this month. Continue Reading
By- Tom Walat, Site Editor
-
Opinion
11 Jul 2023
Top developer relations trends for building stronger teams
Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
By- Melinda Marks, Practice Director
- Paul Nashawaty
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
10 Jul 2023
TPG Capital acquires Forcepoint's government unit for $2.45B
Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident
The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
29 Jun 2023
AI helps humans speed app modernization, improve security
Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
By- Melinda Marks, Practice Director
- Paul Nashawaty
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
28 Jun 2023
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Jun 2023
Censys finds hundreds of exposed devices in federal orgs
Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
26 Jun 2023
How API gateways improve API security
API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices. Continue Reading
By -
News
21 Jun 2023
Critical VMware Aria Operations bug under active exploitation
Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
20 Jun 2023
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Feature
20 Jun 2023
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
20 Jun 2023
Attackers discovering exposed cloud assets within minutes
Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Jun 2023
Microsoft: DDoS attacks caused M365, Azure disruptions
Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
19 Jun 2023
App development trends and their security implications
Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale. Continue Reading
By- Melinda Marks, Practice Director
- Paul Nashawaty
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jun 2023
State governments among victims of MoveIT Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jun 2023
June Patch Tuesday settles two Exchange Server bugs
Microsoft's plans for upcoming security hardening in Kerberos and Netlogon protocols will have admins busy with testing over the next several weeks. Continue Reading
By- Tom Walat, Site Editor
-
News
13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions
At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
By- Rob Wright, Senior News Director