Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 28 Feb 2025
Microsoft targets AI deepfake cybercrime network in lawsuit

Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Feb 2025
Why and how to create Azure service principals

Service principals are a convenient and secure way to protect Azure resources. Follow this step-by-step guide to create a service principal that defends vital Azure workloads. Continue Reading
By
- Stuart Burns

News 10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Aug 2023
Onapsis researchers detail new SAP security threats

At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Aug 2023
Several Exchange Server flaws fixed on August Patch Tuesday

Microsoft addresses 74 vulnerabilities this month with the on-premises email server platform returning to the spotlight with corrections to close six security holes. Continue Reading
By
- Tom Walat, Site Editor
News 09 Aug 2023
Tenable launches LLM-powered ExposureAI product

ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 09 Aug 2023
crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By
- Nick Barney, Technology Writer
- Brien Posey
Tip 08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices

IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By
- Michael Goad, CDW
Definition 08 Aug 2023
Google Play Protect

Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services. Continue Reading
By
- TechTarget Contributor
Definition 01 Aug 2023
Computer Fraud and Abuse Act (CFAA)

The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization. Continue Reading
By
- Robert Sheldon
- Ben Cole, Executive Editor
Definition 28 Jul 2023
national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
By
- Katie Terrell Hanna
Opinion 26 Jul 2023
Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 26 Jul 2023
How to avoid LinkedIn phishing attacks in the enterprise

Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B

With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Jul 2023
5 steps to approach BYOD compliance policies

It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By
- Will Kelly
- Mike Chapple, University of Notre Dame
News 24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack

Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer. Continue Reading
By
- Rob Wright, Senior News Director
Tip 20 Jul 2023
API keys: Weaknesses and security best practices

API keys are not a replacement for API security. They only offer a first step in authentication -- and they require additional security measures to keep them protected. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 20 Jul 2023
Enterprise communication security a growing risk, priority

Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
By
- Craig Stedman, Industry Editor
News 19 Jul 2023
Citrix NetScaler ADC and Gateway flaw exploited in the wild

Critical remote code execution flaw CVE-2023-3519 was one of three vulnerabilities in Citrix's NetScaler ADC and Gateway. Customers are urged to patch their instances. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jul 2023
Multiple Adobe ColdFusion flaws exploited in the wild

One of the Adobe ColdFusion flaws exploited in the wild, CVE-2023-38203, was a zero-day bug that security vendor Project Discovery inadvertently published. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jul 2023
Orca: Google Cloud design flaw enables supply chain attacks

Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jul 2023
XSS zero-day flaw in Zimbra Collaboration Suite under attack

A manual workaround is currently available for a cross-site scripting vulnerability in Zimbra Collaboration Suite, though a patch won't be available until later this month. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jul 2023
Russia-based actor exploited unpatched Office zero day

Microsoft investigated an ongoing phishing campaign that leverages Word documents to deliver malicious attachments to targeted organizations in the U.S. and Europe. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 Jul 2023
IaC security scanning tools, features and use cases

Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 11 Jul 2023
Microsoft repairs 5 zero-days for July Patch Tuesday

The company addressed 130 vulnerabilities and provided additional instructions to fully resolve several bugs, which will require extra attention from IT this month. Continue Reading
By
- Tom Walat, Site Editor
Opinion 11 Jul 2023
Top developer relations trends for building stronger teams

Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 10 Jul 2023
TPG Capital acquires Forcepoint's government unit for $2.45B

Forcepoint's Global Governments and Critical Infrastructure unit will operate independently under TPG, while the commercial business will remain at Francisco Partners. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident

The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 29 Jun 2023
AI helps humans speed app modernization, improve security

Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 28 Jun 2023
DDoS attacks surging behind new techniques, geopolitical goals

A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
By
- Arielle Waldman, News Writer
News 27 Jun 2023
Censys finds hundreds of exposed devices in federal orgs

Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Jun 2023
How API gateways improve API security

API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices. Continue Reading
By
- Michael Cobb
News 21 Jun 2023
Critical VMware Aria Operations bug under active exploitation

Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Jun 2023
Implement zero trust to improve API security

Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 20 Jun 2023
Blockchain security: Everything you should know for safe use

Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 20 Jun 2023
Attackers discovering exposed cloud assets within minutes

Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Jun 2023
Microsoft: DDoS attacks caused M365, Azure disruptions

Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 19 Jun 2023
App development trends and their security implications

Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale. Continue Reading
By
- Melinda Marks, Practice Director
- Paul Nashawaty
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw

CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2023
State governments among victims of MoveIT Transfer breach

The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2023
June Patch Tuesday settles two Exchange Server bugs

Microsoft's plans for upcoming security hardening in Kerberos and Netlogon protocols will have admins busy with testing over the next several weeks. Continue Reading
By
- Tom Walat, Site Editor
News 13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
By
- Rob Wright, Senior News Director
News 13 Jun 2023
Mandiant: New VMware ESXi zero-day used by Chinese APT

VMware said the ESXi flaw was 'low severity' despite being under active exploitation because it requires the attacker to already have gained root access on the target's system. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks

Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Jun 2023
logon (or login)

In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
By
- Robert Sheldon
News 08 Jun 2023
Barracuda: Replace vulnerable ESG devices 'immediately'

Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Continue Reading
By
- Arielle Waldman, News Writer
Tip 07 Jun 2023
6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 01 Jun 2023
Low-code/no-code use cases for security

Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility

The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
By
- Arielle Waldman, News Writer
News 31 May 2023
Barracuda zero-day bug exploited months prior to discovery

Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2023
Many Gigabyte PC models affected by major supply chain issue

Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 25 May 2023
Smart contract benefits and best practices for security

While smart contracts promise enormous benefits in the enterprise, they also present opportunities for cybercriminals. Explore best practices to keep them secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Karen Scarfone, Scarfone Cybersecurity
News 24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances

Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 23 May 2023
How to use Wfuzz to find web application vulnerabilities

By learning how to use Wfuzz for web application fuzz testing, bug bounty hunters can automate vulnerability discovery. Learn more in this excerpt from 'Bug Bounty Bootcamp.' Continue Reading
By
- Alissa Irei, Senior Site Editor
- No Starch Press
Guest Post 22 May 2023
Follow a 6-phase roadmap to secure cyber-physical systems

Cyber-physical systems help bridge the digital world with the physical world, but they introduce cybersecurity risks that must be addressed. Continue Reading
By
- Katell Thielemann
Definition 22 May 2023
API security

Application program interface (API) security refers to policies and procedures that protect APIs against malicious attacks and vulnerabilities. Continue Reading
By
- Kinza Yasar, Technical Writer
Tip 16 May 2023
SBOMs and security: What IT and DevOps need to know

By integrating software bill of materials creation into the software development lifecycle, IT and DevOps teams can build more secure and maintainable applications. Continue Reading
By
- Nihad Hassan
News 15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks

As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
By
- Arielle Waldman, News Writer
Tip 10 May 2023
5 SBOM tools to start securing the software supply chain

Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw

Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
By
- Arielle Waldman, News Writer
News 09 May 2023
Light May Patch Tuesday will weigh heavily on Windows admins

A zero-day that targets the Secure Boot feature will require extensive work from sysadmins to protect Windows systems from the Black Lotus bootkit. Continue Reading
By
- Tom Walat, Site Editor
Definition 09 May 2023
passkey

A passkey is an alternative method of user authentication that eliminates the need for usernames and passwords. Continue Reading
By
- Amanda Stevens
Definition 09 May 2023
hypervisor security

Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle. Continue Reading
By
- TechTarget Contributor
Feature 08 May 2023
Protestware explained: Everything you need to know

Developers use protestware technology to drive points home; some arrives as messages of defiance, others with malicious intent. Continue Reading
By
- Sean Michael Kerner
News 04 May 2023
Cybersecurity execs ponder software liability implementation

Reactions to the Biden Administration's push for legislation enforcing software liability were mostly positive, but questions remain regarding implementation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 May 2023
Google rolls out passkeys in service of passwordless future

Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 May 2023
CrowdStrike focuses on ChromeOS security, rising cloud threats

Raj Rajamani, CrowdStrike's chief product officer of data, identity, cloud and endpoint security, said ChromeOS devices are gaining increasing adoption in the enterprise space. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 02 May 2023
Risk & Repeat: Security industry bets on AI at RSA Conference

This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 May 2023
1Password execs outline shift to passwordless authentication

1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Apr 2023
Amid supply chain attacks, emerging vendor rethinks SBOM

Early adopters such as Swisscom have used startup Codenotary’s notarization system to establish and track the provenance of software artifacts in pipelines and production. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 27 Apr 2023
How Target built its DevSecOps culture using psychology

Building a healthy DevSecOps culture isn't easy. Learn how Target used organizational psychology to get development and application security teams on the same page. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype

CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By
- Arielle Waldman, News Writer
Definition 26 Apr 2023
Microsoft Windows Defender Device Guard

Windows Defender Device Guard is a security feature for Windows 10 and Windows Server designed to use application whitelisting and code integrity policies to protect users' devices from malicious code that could compromise the operating system. Continue Reading
By
- Kelly M. Stewart
News 25 Apr 2023
RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Apr 2023
Bugcrowd CTO talks hacker feedback, vulnerability disclosure

Bugcrowd CTO Casey Ellis said the company's new penetration testing service helps establish the company beyond public perception of it being purely a bug bounty platform. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 25 Apr 2023
Cloud-native security metrics for CISOs

Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 25 Apr 2023
Google, Mandiant highlight top threats, evolving adversaries

Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise. Continue Reading
By
- Arielle Waldman, News Writer
Tip 21 Apr 2023
How to create an SBOM, with example and template

SBOMs help organizations inventory every component in their software. This free template, which includes an SBOM example, can help you secure your own software supply chain. Continue Reading
By
- Rob Shapland
News 20 Apr 2023
Fortra completes GoAnywhere MFT investigation

An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Apr 2023
Sidecarless eBPF service mesh sparks debate

As cloud-native service meshes expand beyond Kubernetes, open source community members raise concerns about the security and suitability of eBPF in sidecarless architectures. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 20 Apr 2023
Mandiant: 3CX breach caused by second supply chain attack

Trading Technologies said in a statement it had 'not had the ability to verify the assertions in Mandiant's report' that its software played a role in the 3CX supply chain attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Apr 2023
Western Digital restores service; attack details remain unclear

While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Apr 2023
Hacking Policy Council launches, aims to improve bug disclosure

Founding members for the Hacking Policy Council, launched Thursday by the Center for Cybersecurity Policy and Law, include HackerOne, Bugcrowd, Google and others. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Apr 2023
Microsoft Defender for Endpoint (formerly Windows Defender ATP)

Microsoft Defender for Endpoint -- formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP -- is an endpoint security platform designed to help enterprise-class organizations prevent, detect and respond to security threats. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
News 12 Apr 2023
OpenAI launches bug bounty program with Bugcrowd

ChatGPT publisher OpenAI said its new Bugcrowd bug bounty program will not accept submissions involving "issues related to the content of model prompts and responses." Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Apr 2023
Nokoyawa ransomware exploits Windows CLFS zero-day

The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Apr 2023
Microsoft mends Windows zero-day on April Patch Tuesday

What's old is new again as multiple security updates from the past made a comeback this month to push the total number of vulnerabilities addressed to 102. Continue Reading
By
- Tom Walat, Site Editor
Tip 11 Apr 2023
How to fix the top 5 API vulnerabilities

APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities. Continue Reading
By
- Michael Cobb
News 07 Apr 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike

Microsoft, Fortra and the Health Information Sharing and Analysis center announced they obtained a court order in an effort to curb malicious Cobalt Strike use. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Apr 2023
Securing remote access grows crucial for DevSecOps

Between remote work and hybrid cloud lies a menacing security gap that experts warn more and more businesses will fall into without a cohesive approach. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 04 Apr 2023
How to set up MFA for an organization's Microsoft 365

To deploy MFA to an entire Microsoft environment, specifically to Microsoft 365, IT administrators will need to set up authentication via Azure AD. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Podcast 04 Apr 2023
Risk & Repeat: Inside the 3CX supply chain attack

This podcast episode discusses the 3CX supply chain attack, where it may have started, who was behind it and how the unified communications vendor has responded to the incident. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Apr 2023
Istio service mesh doyen departs Google, touts Ambient Mesh

After 16 years at Google, Istio's co-founder takes over as CTO at Solo.io and goes all in on a project he believes will determine the future of cloud-native networking. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 03 Apr 2023
Source of 3CX supply chain attack unclear as fallout continues

Multiple statements originally referenced a third-party library as the apparent source for 3CX's recent supply chain attack, but that may no longer be the case. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Mar 2023
3CX desktop app compromised, abused in supply chain attack

3CX customers noticed that several threat detection platforms began flagging and blocking the UC vendor's desktop application last week due to malicious activity in the executable. Continue Reading
By
- Rob Wright, Senior News Director
News 30 Mar 2023
Azure Pipelines vulnerability spotlights supply chain threats

Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Rob Wright, Senior News Director
News 29 Mar 2023
Google: Spyware vendors exploiting iOS, Android zero days

Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat. Continue Reading
By
- Arielle Waldman, News Writer
Tip 28 Mar 2023
How to mitigate low-code/no-code security challenges

Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 27 Mar 2023
Zoom launches Okta Authentication for E2EE to verify identity

Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
By
- Arielle Waldman, News Writer
Feature 24 Mar 2023
SMS pumping attacks and how to mitigate them

Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
By
- Kyle Johnson, Technology Editor
News 23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks

Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Mar 2023
ZenGo finds transaction simulation flaw in Coinbase, others

Referred to as a 'red pill attack,' ZenGo researchers discovered a way to exploit smart contracts and bypass security features known as transaction simulation solutions. Continue Reading
By
- Alexander Culafi, Senior News Writer