Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Tip
16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC
DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
-
News
12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Jun 2023
Mandiant: New VMware ESXi zero-day used by Chinese APT
VMware said the ESXi flaw was 'low severity' despite being under active exploitation because it requires the attacker to already have gained root access on the target's system. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
09 Jun 2023
logon (or login)
In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
-
News
08 Jun 2023
Barracuda: Replace vulnerable ESG devices 'immediately'
Customers with email security gateway appliances affected by a recent zero-day flaw, CVE-2023-2868, are being urged to replace devices, even if the hardware has been patched. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
07 Jun 2023
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
01 Jun 2023
Low-code/no-code use cases for security
Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility
The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
By- Arielle Waldman, News Writer
-
News
31 May 2023
Barracuda zero-day bug exploited months prior to discovery
Barracuda said a zero-day flaw used to target its email security gateway appliance customers is a remote command injection vulnerability exploited since at least October 2022. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 May 2023
Many Gigabyte PC models affected by major supply chain issue
Eclypsium researchers say the insecure implementation of PC hardware manufacturer Gigabyte's App Center could potentially result in supply chain attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
25 May 2023
Smart contract benefits and best practices for security
While smart contracts promise enormous benefits in the enterprise, they also present opportunities for cybercriminals. Explore best practices to keep them secure. Continue Reading
By- Alissa Irei, Senior Site Editor
- Karen Scarfone, Scarfone Cybersecurity
-
News
24 May 2023
Barracuda discloses zero-day flaw affecting ESG appliances
Barracuda Networks said threat actors exploited the zero-day to gain 'unauthorized access to a subset of email gateway appliances,' though it did not say how many. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
23 May 2023
How to use Wfuzz to find web application vulnerabilities
By learning how to use Wfuzz for web application fuzz testing, bug bounty hunters can automate vulnerability discovery. Learn more in this excerpt from 'Bug Bounty Bootcamp.' Continue Reading
By- Alissa Irei, Senior Site Editor
- No Starch Press
-
Guest Post
22 May 2023
Follow a 6-phase roadmap to secure cyber-physical systems
Cyber-physical systems help bridge the digital world with the physical world, but they introduce cybersecurity risks that must be addressed. Continue Reading
By- Katell Thielemann
-
Definition
22 May 2023
API security
Application program interface (API) security refers to policies and procedures that protect APIs against malicious attacks and vulnerabilities. Continue Reading
By- Kinza Yasar, Technical Writer
-
Tip
16 May 2023
SBOMs and security: What IT and DevOps need to know
By integrating software bill of materials creation into the software development lifecycle, IT and DevOps teams can build more secure and maintainable applications. Continue Reading
By -
News
15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks
As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
10 May 2023
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
10 May 2023
Akamai bypasses mitigation for critical Microsoft Outlook flaw
Enterprises might remain vulnerable to a critical Outlook flaw that Microsoft patched in March, as an Akamai researcher uncovered a way to bypass remediation efforts. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 May 2023
Light May Patch Tuesday will weigh heavily on Windows admins
A zero-day that targets the Secure Boot feature will require extensive work from sysadmins to protect Windows systems from the Black Lotus bootkit. Continue Reading
By- Tom Walat, Site Editor
-
Definition
09 May 2023
passkey
A passkey is an alternative method of user authentication that eliminates the need for usernames and passwords. Continue Reading
-
Definition
09 May 2023
hypervisor security
Hypervisor security is the process of ensuring the hypervisor -- the software that enables virtualization -- is secure throughout its lifecycle. Continue Reading
-
Feature
08 May 2023
Protestware explained: Everything you need to know
Developers use protestware technology to drive points home; some arrives as messages of defiance, others with malicious intent. Continue Reading
-
News
04 May 2023
Cybersecurity execs ponder software liability implementation
Reactions to the Biden Administration's push for legislation enforcing software liability were mostly positive, but questions remain regarding implementation. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 May 2023
Google rolls out passkeys in service of passwordless future
Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 May 2023
CrowdStrike focuses on ChromeOS security, rising cloud threats
Raj Rajamani, CrowdStrike's chief product officer of data, identity, cloud and endpoint security, said ChromeOS devices are gaining increasing adoption in the enterprise space. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
02 May 2023
Risk & Repeat: Security industry bets on AI at RSA Conference
This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
01 May 2023
1Password execs outline shift to passwordless authentication
1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Apr 2023
Amid supply chain attacks, emerging vendor rethinks SBOM
Early adopters such as Swisscom have used startup Codenotary’s notarization system to establish and track the provenance of software artifacts in pipelines and production. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
27 Apr 2023
How Target built its DevSecOps culture using psychology
Building a healthy DevSecOps culture isn't easy. Learn how Target used organizational psychology to get development and application security teams on the same page. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype
CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
26 Apr 2023
Microsoft Windows Defender Device Guard
Windows Defender Device Guard is a security feature for Windows 10 and Windows Server designed to use application whitelisting and code integrity policies to protect users' devices from malicious code that could compromise the operating system. Continue Reading
-
News
25 Apr 2023
RSAC panel warns AI poses unintended security consequences
A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Apr 2023
Bugcrowd CTO talks hacker feedback, vulnerability disclosure
Bugcrowd CTO Casey Ellis said the company's new penetration testing service helps establish the company beyond public perception of it being purely a bug bounty platform. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
25 Apr 2023
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
25 Apr 2023
Google, Mandiant highlight top threats, evolving adversaries
Enterprises are struggling to keep up as adversary groups improve tactics. But one of the most difficult groups to defend against, according to Google and Mandiant, was a surprise. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
21 Apr 2023
How to create an SBOM, with example and template
SBOMs help organizations inventory every component in their software. This free template, which includes an SBOM example, can help you secure your own software supply chain. Continue Reading
By -
News
20 Apr 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Apr 2023
Sidecarless eBPF service mesh sparks debate
As cloud-native service meshes expand beyond Kubernetes, open source community members raise concerns about the security and suitability of eBPF in sidecarless architectures. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
20 Apr 2023
Mandiant: 3CX breach caused by second supply chain attack
Trading Technologies said in a statement it had 'not had the ability to verify the assertions in Mandiant's report' that its software played a role in the 3CX supply chain attack. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Apr 2023
Western Digital restores service; attack details remain unclear
While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Apr 2023
Hacking Policy Council launches, aims to improve bug disclosure
Founding members for the Hacking Policy Council, launched Thursday by the Center for Cybersecurity Policy and Law, include HackerOne, Bugcrowd, Google and others. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
13 Apr 2023
Microsoft Defender for Endpoint (formerly Windows Defender ATP)
Microsoft Defender for Endpoint -- formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP -- is an endpoint security platform designed to help enterprise-class organizations prevent, detect and respond to security threats. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Brien Posey
-
News
12 Apr 2023
OpenAI launches bug bounty program with Bugcrowd
ChatGPT publisher OpenAI said its new Bugcrowd bug bounty program will not accept submissions involving "issues related to the content of model prompts and responses." Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Apr 2023
Nokoyawa ransomware exploits Windows CLFS zero-day
The Nokoyawa ransomware attacks highlight the growing use of zero-day exploits by a variety of threat groups, including financially motivated cybercriminals. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Apr 2023
Microsoft mends Windows zero-day on April Patch Tuesday
What's old is new again as multiple security updates from the past made a comeback this month to push the total number of vulnerabilities addressed to 102. Continue Reading
By- Tom Walat, Site Editor
-
Tip
11 Apr 2023
How to fix the top 5 API vulnerabilities
APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities. Continue Reading
By -
News
07 Apr 2023
Microsoft, Fortra get court order to disrupt Cobalt Strike
Microsoft, Fortra and the Health Information Sharing and Analysis center announced they obtained a court order in an effort to curb malicious Cobalt Strike use. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Apr 2023
Securing remote access grows crucial for DevSecOps
Between remote work and hybrid cloud lies a menacing security gap that experts warn more and more businesses will fall into without a cohesive approach. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
04 Apr 2023
How to set up MFA for an organization's Microsoft 365
To deploy MFA to an entire Microsoft environment, specifically to Microsoft 365, IT administrators will need to set up authentication via Azure AD. Continue Reading
By- Helen Searle-Jones, Tritech Group
-
Podcast
04 Apr 2023
Risk & Repeat: Inside the 3CX supply chain attack
This podcast episode discusses the 3CX supply chain attack, where it may have started, who was behind it and how the unified communications vendor has responded to the incident. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 Apr 2023
Istio service mesh doyen departs Google, touts Ambient Mesh
After 16 years at Google, Istio's co-founder takes over as CTO at Solo.io and goes all in on a project he believes will determine the future of cloud-native networking. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
03 Apr 2023
Source of 3CX supply chain attack unclear as fallout continues
Multiple statements originally referenced a third-party library as the apparent source for 3CX's recent supply chain attack, but that may no longer be the case. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
30 Mar 2023
3CX desktop app compromised, abused in supply chain attack
3CX customers noticed that several threat detection platforms began flagging and blocking the UC vendor's desktop application last week due to malicious activity in the executable. Continue Reading
By- Rob Wright, Senior News Director
-
News
30 Mar 2023
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Continue Reading
By- Beth Pariseau, Senior News Writer
- Rob Wright, Senior News Director
-
News
29 Mar 2023
Google: Spyware vendors exploiting iOS, Android zero days
Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
28 Mar 2023
How to mitigate low-code/no-code security challenges
Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
27 Mar 2023
Zoom launches Okta Authentication for E2EE to verify identity
Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
24 Mar 2023
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Mar 2023
ZenGo finds transaction simulation flaw in Coinbase, others
Referred to as a 'red pill attack,' ZenGo researchers discovered a way to exploit smart contracts and bypass security features known as transaction simulation solutions. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
15 Mar 2023
quantum supremacy
Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds. Continue Reading
By -
News
14 Mar 2023
Microsoft stops two zero-days for March Patch Tuesday
The company corrects actively exploited vulnerabilities that affected Microsoft Outlook and the Windows OS in this month's batch of security updates. Continue Reading
By- Tom Walat, Site Editor
-
News
14 Mar 2023
Magniber ransomware actors exploiting Microsoft zero day
Magniber ransomware actors discovered a way to bypass Microsoft's remediation for a previous SmartScreen vulnerability to attack enterprises, according to Google researchers. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Mar 2023
IceFire ransomware targets Linux, exploits IBM vulnerability
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in IBM's Aspera Faspex file sharing software. Continue Reading
By- Arielle Waldman, News Writer
-
Podcast
07 Mar 2023
Biden administration raises software liability questions
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold technology companies liable for insecure software. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
07 Mar 2023
fuzz testing (fuzzing)
Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
01 Mar 2023
SBOM graph database aims to be cloud security secret sauce
An open source consortium that includes Google plans to release a deployable beta of the GUAC project this month, a possible milestone for cloud-native SBOM. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
23 Feb 2023
CEO reflects on remote work, team-building amid Ukraine war
A GraphQL API management company is on track for an official launch in the coming months, despite a year of massive challenges for its developer team in Ukraine. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
21 Feb 2023
GoDaddy's response to 'multi-year' breach criticized
GoDaddy took nearly three months to disclose that attackers breached the company in a multi-year campaign, and customers are still in the dark about the details of the attack. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Feb 2023
Dynatrace security AI roots out Log4j, sets tone for roadmap
Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
16 Feb 2023
How to filter Security log events for signs of trouble
Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
-
Tip
16 Feb 2023
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
15 Feb 2023
Microsoft remedies three zero-days on February Patch Tuesday
The company releases its security updates to shut down the vulnerabilities threat actors have been actively using for attacks in the wild. Continue Reading
By- Tom Walat, Site Editor
-
Opinion
14 Feb 2023
Top takeaways from first CloudNativeSecurityCon
TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
13 Feb 2023
Namecheap email system hacked, used for phishing campaign
While the domain registrar said it was not breached directly, it did confirm its third-party email system was compromised Sunday and warned customers not to open any unauthorized emails. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
08 Feb 2023
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
08 Feb 2023
Windows Defender Exploit Guard
Microsoft Windows Defender Exploit Guard is antimalware software that provides intrusion protection for Windows 10 OS users. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
07 Feb 2023
Cisco samples OpenTelemetry-based observability tool blends
Updates set to ship this week and next quarter will unify data collection for Cisco's observability and security tools and catch them up with full-stack competitors. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
03 Feb 2023
WebAuthn API
The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers. Continue Reading
-
Tip
02 Feb 2023
Speed up onboarding with Active Directory user templates
Active Directory account templates are not difficult to make. But it helps to know how to use certain shortcuts, like variables, to create home directories and roaming profiles. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Tip
31 Jan 2023
What cybersecurity consolidation means for enterprises
Experts predict cybersecurity consolidation will increase in the months and years ahead. Security leaders should consider what that means for their purchasing strategies. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Tip
27 Jan 2023
EDR tools for Windows Server compared
Windows Server 2022 comes with native security technologies to protect the enterprise. But endpoint detection and response tools can be worth the price of admission. Continue Reading
By -
News
25 Jan 2023
OpenSSF GM talks funding, legal software supply chain issues
The OpenSSF leader lays out plans fund open source software supply chain security in a slowing economy and to speak out against the EU's Cyber Resilience Act. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Opinion
24 Jan 2023
5 ways to enable secure software development in 2023
Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
20 Jan 2023
T-Mobile data breach affects 37M customers
T-Mobile said a threat actor first began using an API in November to obtain the personal data of 37 million customer accounts, though no financial data was affected. Continue Reading
By- Rob Wright, Senior News Director
-
News
18 Jan 2023
Bitzlato cryptocurrency exchange founder arrested, charged
Russian national Anatoly Legkodymov is accused of using Bitzlato to process more than $700 million in illicit cryptocurrency transactions, including ransomware payments. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Jan 2023
Microsoft resolves Windows zero-day on January Patch Tuesday
The company also issues five corrections, all with a rating of important, to address vulnerabilities on its on-premises Exchange Server email platform. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
10 Jan 2023
Risk & Repeat: Analyzing the Rackspace ransomware attack
This Risk & Repeat podcast episode discusses new details of the Rackspace ransomware attack, as well as the questions remaining following the company's final status update. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
06 Jan 2023
Rackspace: Ransomware actor accessed 27 customers' data
Rackspace said Personal Storage Tables of 27 customers were accessed in the attack last month, but added there was no evidence threat actors viewed, obtained or misused the data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Jan 2023
Rackspace: Ransomware attack caused by zero-day exploit
The exploit that led to the Rackspace ransomware attack, referred to as OWASSRF, combines two Exchange Server flaws -- CVE-2022-41080 and a ProxyNotShell flaw, CVE-2022-41082. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 Jan 2023
Many Exchange servers still vulnerable to ProxyNotShell flaw
A new exploit chain using one of the ProxyNotShell vulnerabilities has bypassed Microsoft's URL Rewrite mitigations from September and put Exchange servers at risk. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Dec 2022
Malicious Python package in PyPI poses as SentinelOne SDK
No attacks resulting from the malicious Python package have been recorded to date. However, according to PyPI, more than 1,000 users had downloaded it before it was taken down. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
16 Dec 2022
GPS jamming
GPS jamming is the act of using a frequency transmitting device to block or interfere with radio communications. Continue Reading
By -
News
15 Dec 2022
Google drops TrustCor certificates as questions loom
Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
15 Dec 2022
Low-code/no-code security risks climb as tools gain traction
Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some unpleasant surprises if you're unprepared. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
15 Dec 2022
Lego site vulnerabilities highlight API security gaps
What's old is new again: Lego site BrickLink was found vulnerable to cross-site scripting and other well-understood types of attacks, intensifying scrutiny on API security. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
13 Dec 2022
Microsoft addresses two zero days in December Patch Tuesday
December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Dec 2022
Citrix ADC and Gateway zero day under active exploitation
The NSA said that APT5, a suspected Chinese nation-state threat group, is actively exploiting the Citrix zero-day flaw, which affects the vendor's ADC and Gateway products. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Dec 2022
Claroty unveils web application firewall bypassing technique
Claroty's attack technique bypasses web application firewalls, or WAFs, by tricking those that can't detect JSON as part of their SQL injection detection process. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tutorial
07 Dec 2022
How to use Wireshark OUI lookup for network security
Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading
By- Peter Loshin, Former Senior Technology Editor