Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 28 Feb 2025
Microsoft targets AI deepfake cybercrime network in lawsuit

Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Feb 2025
Why and how to create Azure service principals

Service principals are a convenient and secure way to protect Azure resources. Follow this step-by-step guide to create a service principal that defends vital Azure workloads. Continue Reading
By
- Stuart Burns

News 23 Dec 2021
ManageEngine attacks draw warning from FBI

The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
By
- Shaun Nichols
Tip 22 Dec 2021
Cybersecurity asset management takes ITAM to the next level

Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Tip 21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability

The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
By
- Michael Cobb
News 20 Dec 2021
Log4j 2.17.0 fixes newly discovered exploit

The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Dec 2021
Apple v. NSO Group: How will it affect security researchers?

While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Dec 2021
Critical bugs could go unpatched amid Log4j concern

Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
By
- Shaun Nichols
Podcast 17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry

This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
By
- Rob Wright, Senior News Director
News 15 Dec 2021
Log4j gets a second update as security woes pile up

Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
By
- Shaun Nichols
News 15 Dec 2021
Log4Shell flaw looms over December Patch Tuesday

Microsoft issued security updates for 67 CVEs, including a Windows AppX Installer zero-day, but a Java-based vulnerability has many IT departments on edge. Continue Reading
By
- Tom Walat, Site Editor
News 14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach

Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 14 Dec 2021
4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Definition 14 Dec 2021
What is a micro VM (micro virtual machine)?

A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Sharon Shea, Executive Editor
News 13 Dec 2021
Fixes for Log4j flaw arise as attacks soar

Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
By
- Shaun Nichols
News 13 Dec 2021
Critical Log4j flaw exploited a week before disclosure

The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Dec 2021
password salting

Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Continue Reading
By
- Rahul Awati
News 10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now

The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 10 Dec 2021
Recent quantum computing advances point to brighter future

The past year saw a handful of breakthrough technologies from IBM and Honeywell, bringing the future promises of quantum computing closer to a present-day reality. Continue Reading
By
- Ed Scannell, Freelancer
Opinion 09 Dec 2021
Cloud application developers need built-in security

Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Dec 2021
17 Discord malware packages found in NPM repository

These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 09 Dec 2021
OCSP (Online Certificate Status Protocol)

OCSP (Online Certificate Status Protocol) is one of two common schemes used to maintain the security of a server and other network resources. Continue Reading
By
- Andrew Zola
News 07 Dec 2021
Cambridge Quantum delivers first quantum encryption keys

Cambridge Quantum, newly merged with Honeywell's Quantum Solutions division, has debuted the first as-a-service cryptographic key generator for quantum computing. Continue Reading
By
- Ed Scannell, Freelancer
News 01 Dec 2021
BlackByte ransomware attacks exploiting ProxyShell flaws

Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Nov 2021
Windows Installer zero-day under active exploitation

McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Nov 2021
Researcher drops instant admin Windows zero-day bug

A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix. Continue Reading
By
- Shaun Nichols
Definition 23 Nov 2021
cookie poisoning

Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft. Continue Reading
By
- Rahul Awati
Guest Post 16 Nov 2021
3 ways to balance app innovation with app security

New innovations come with an onslaught of risks and vulnerabilities. Use these three concepts to promote innovation, while ensuring web application security. Continue Reading
By
- Mark Ralls
News 15 Nov 2021
Microsoft releases out-of-band update for Windows Server

Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
By
- Shaun Nichols
News 09 Nov 2021
Medical devices at risk from Siemens Nucleus vulnerabilities

Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices. Continue Reading
By
- Shaun Nichols
Definition 05 Nov 2021
cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
By
- Ben Lutkevich, Site Editor
- Linda Rosencrance
Definition 05 Nov 2021
cache poisoning

Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users. Continue Reading
By
- Rahul Awati
News 03 Nov 2021
CISA requires agencies to patch nearly 300 vulnerabilities

The Cybersecurity and Infrastructure Security Agency issued a directive for government agencies that requires patching for hundreds of known software security vulnerabilities. Continue Reading
By
- Shaun Nichols
News 02 Nov 2021
Trojan Source bugs enable 'invisible' source code poisoning

A pair of flaws in nearly every popular programming language enables attackers to hide malicious code in plain sight without the ability to be detected prior to compiling. Continue Reading
By
- Shaun Nichols
Feature 28 Oct 2021
Amid explosive growth, API security a growing concern

APIs are expanding exponentially across the technology landscape and creating a vast attack surface that enterprise security teams are struggling to understand and defend. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 28 Oct 2021
Applying security to operating models requires collaboration

Balancing business needs with security is more important than ever. Integrating operating models with reference architectures is a key step in the process. Continue Reading
By
- Altaz Valani
Definition 25 Oct 2021
payload (computing)

In computing, a payload is the carrying capacity of a packet or other transmission data unit. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Peter Loshin, Former Senior Technology Editor
Definition 21 Oct 2021
script kiddie

Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Continue Reading
By
- Ben Lutkevich, Site Editor
News 08 Oct 2021
Admins: Patch management is too complex and cumbersome

A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache. Continue Reading
By
- Shaun Nichols
Definition 08 Oct 2021
cryptographic nonce

A nonce is a random or semi-random number that is generated for a specific use. Continue Reading
By
- Ben Lutkevich, Site Editor
Guest Post 04 Oct 2021
5 principles for AppSec program maturity

Applications remain a top cause of external data breaches. Follow these five principles to achieve application security program maturity. Continue Reading
By
- Nabil Hannan
Definition 01 Oct 2021
IP spoofing

Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from. Continue Reading
By
- Ben Lutkevich, Site Editor
- Linda Rosencrance
News 30 Sep 2021
FireEye and McAfee Enterprise announce product mashup

Merger-happy investment firm STG has let slip that it will integrate the product lines of McAfee Enterprise and FireEye. Analysts say it will be a challenging road ahead. Continue Reading
By
- Shaun Nichols
Feature 30 Sep 2021
6 reasons unpatched software persists in the enterprise

Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 28 Sep 2021
Microsoft releases emergency Exchange Server mitigation tool

Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Sep 2021
Microsoft details 'OMIGOD' Azure vulnerability fixes, threats

Microsoft fixed the open source OMI software during last week's Patch Tuesday, but the tech giant has struggled to get the updated agents to Azure customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Sep 2021
‘OMIGOD’ vulnerabilities put Azure customers at risk

OMI, the software agent at the center of a remote code execution flaw, is "just one example" of silent, pre-installed software in cloud environments, according to one researcher. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Sep 2021
Google patches actively exploited Chrome zero-days

Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Sep 2021
'Azurescape': New Azure vulnerability fixed by Microsoft

The Azure Container Instances vulnerability would have allowed malicious actors to execute code on other customers' containers, but there have been no reports of exploitation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Sep 2021
ProxyShell attacks ramping up on unpatched Exchange Servers

Security experts say active attacks on the series of Microsoft Exchange Server flaws, which can be chained to take control of servers, are already being launched in the wild. Continue Reading
By
- Shaun Nichols
News 01 Sep 2021
Atlassian Confluence flaw under active attack

Administrators are advised to patch immediately after security experts confirmed mass scanning and exploits against a critical remote code execution vulnerability. Continue Reading
By
- Shaun Nichols
News 30 Aug 2021
New 'ProxyToken' Exchange Server vulnerability disclosed

The Exchange Server vulnerability could allow an attacker 'to copy all emails addressed to a target and account and forward them to an account controlled by the attacker.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 27 Aug 2021
Researchers discover critical flaw in Azure Cosmos DB

Wiz security researchers found a new attack vector in Microsoft Azure, which if exploited could allow an attacker to gain access to customers primary keys. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 27 Aug 2021
How to navigate cybersecurity product coverage

Cybersecurity tools are complex. It can be difficult for organizations to know which tools do what, and which tools they need -- or don't. Continue Reading
By
- Rohit Dhamankar
News 26 Aug 2021
Microsoft finally issues ProxyShell security advisory

The ProxyShell advisory includes a call to patch, as well as details on which Exchange servers are vulnerable. In short: Those without the May security update are unprotected. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 26 Aug 2021
Risk & Repeat: ProxyShell problems mount

CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online. Continue Reading
By
- Rob Wright, Senior News Director
News 25 Aug 2021
Bugs aplenty as VMware, Cisco and F5 drop security updates

Two critical updates from Cisco, remote code execution flaws in F5's Big-IP, and a half-dozen VMware security holes are among the more pressing issues for admins to address. Continue Reading
By
- Shaun Nichols
News 23 Aug 2021
CISA: ProxyShell flaws being actively exploited, patch now

Security researchers weighed in with evidence of ProxyShell exploitation by threat actors using malicious web shells and a new ransomware variant called 'LockFile.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Aug 2021
Many Exchange servers still vulnerable to ProxyLogon, ProxyShell

Tens of thousands of Exchange servers are still vulnerable to ProxyLogon and ProxyShell, and security researchers estimate honeypots represent only a small slice of those systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Aug 2021
New ransomware crew hammers on PrintNightmare bugs

PrintNightmare, the Microsoft print spooler flaws patched in July, is the favorite target for a new ransomware group known as Vice Society, according to Cisco Talos. Continue Reading
By
- Shaun Nichols
News 12 Aug 2021
Microsoft discloses new print spooler flaw without patch

The latest flaw in Windows print spooler software, which has yet to be patched, comes weeks after the PrintNightmare vulnerability and other related bugs. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 11 Aug 2021
Cloud-native security benefits and use cases

'Cloud native' has described applications and services for years, but its place in security is less clear. Get insight into cloud-native security from expert Dave Shackleford. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 10 Aug 2021
11 video conferencing security and privacy best practices

Video conferencing tools are a remote worker's lifeline. As such, it is essential to maintain their security. These 11 best practices will help ensure secure, private, video-enabled meetings. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 05 Aug 2021
Mandiant: Microsoft 365 the 'Holy Grail' for nation-state hackers

Mandiant researchers discussed mailbox compromises, app registration abuse and new extensions of the Golden SAML attack technique against Microsoft 365 at Black Hat 2021. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Jul 2021
buffer overflow

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Continue Reading
By
- Michael Cobb
News 27 Jul 2021
Open source web app projects hailed for quickly patching bugs

Nine vulnerabilities in three popular open source SMB tools were cleaned up within 24 hours after Rapid7 reported the flaws to their development teams. Continue Reading
By
- Shaun Nichols
News 21 Jul 2021
U.K. man arrested in connection with 2020 Twitter breach

A 22-year-old U.K. resident was arrested in Spain and will face extradition on charges related to a social engineering operation that netted big-name Twitter accounts. Continue Reading
By
- Shaun Nichols
News 21 Jul 2021
Hackers embrace 5-day workweeks, unpatched vulnerabilities

Bad guys are taking the weekends off too, according to Barracuda Networks, and old bugs that should have been patched months ago continue to be the most-targeted vulnerabilities. Continue Reading
By
- Shaun Nichols
Answer 15 Jul 2021
How to prevent software piracy

Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
By
- Michael Cobb
- Mike Rothman, Securosis
News 14 Jul 2021
Microsoft's 'PrintNightmare' lingers, requires new patches

July's Patch Tuesday update includes critical fixes, but one well-known remote code execution bug might remain open for those with specific registry key settings. Continue Reading
By
- Shaun Nichols
News 13 Jul 2021
Why patching vulnerabilities is still a problem, and how to fix it

Patching is still a struggle for many organizations, and challenges include limited resources, technical debt, decentralized infrastructure and much more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 30 Jun 2021
Common Linux vulnerabilities admins need to detect and fix

Server admins need to prepare for a variety of common Linux vulnerabilities, from software and hardware vulnerabilities to employee-created ones and even digital espionage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Wiley Publishing
Feature 30 Jun 2021
How to implement Linux security best practices

When setting up security for a company's infrastructure, admins need to focus on backups, patch management and regular vulnerability scans. Continue Reading
By
- Kyle Johnson, Technology Editor
News 24 Jun 2021
Atlassian moves to lock down accounts from takeover bugs

Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled. Continue Reading
By
- Shaun Nichols
News 24 Jun 2021
Dell BIOSConnect flaws affect 30 million devices

Eclypsium researchers discovered vulnerabilities that, if exploited, can allow remote code execution in a pre-boot environment for 128 different Dell products. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jun 2021
Apple issues patches for two more WebKit zero-days

Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 27 May 2021
Apiiro wins RSA Conference Innovation Sandbox Contest

Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks. Continue Reading
By
- Rob Wright, Senior News Director
Tip 13 May 2021
Container vs. VM security: Which is better?

Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy. Continue Reading
By
- Ed Moyle, SecurityCurve
Answer 13 May 2021
What's the difference between sandboxes vs. containers?

Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases. Continue Reading
By
- Ed Moyle, SecurityCurve
- Matthew Pascucci
News 06 May 2021
Popular mobile apps leaking AWS keys, exposing user data

Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk. Continue Reading
By
- Shaun Nichols
Feature 29 Apr 2021
Learn how to mitigate container security issues

The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods. Continue Reading
By
- Kyle Johnson, Technology Editor
- O'Reilly Media
Feature 29 Apr 2021
Adopting containers and preventing container security risks

When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 27 Apr 2021
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 27 Apr 2021
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
By
- Katie Donegan, Social Media Manager
News 21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities

SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Apr 2021
NSA finds new Exchange Server vulnerabilities

Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Apr 2021
McAfee: PowerShell threats grew 208% in Q4 2020

McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Mar 2021
Black Kingdom ransomware foiled through Mega password change

The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Mar 2021
'Black Kingdom' ransomware impacting Exchange servers

Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Mar 2021
RiskIQ: 69,548 Microsoft Exchange servers still vulnerable

Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Mar 2021
Microsoft releases tools as Exchange Server attacks increase

Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Mar 2021
Microsoft Exchange Server zero-days exploited in the wild

Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Feb 2021
Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
By
- Kyle Johnson, Technology Editor
- O'Reilly Media
Feature 22 Feb 2021
Introducing development teams to threat modeling in SDLC

Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
By
- Kyle Johnson, Technology Editor
News 10 Feb 2021
Researcher used open source supply chain to breach tech giants

Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Feb 2021
How a social engineering campaign fooled infosec researchers

Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them. Continue Reading
By
- Arielle Waldman, News Writer
Quiz 22 Dec 2020
Quiz: Web application security threats and vulnerabilities

Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz. Continue Reading
By
- Sharon Shea, Executive Editor
Guest Post 08 Dec 2020
5 myths about putting security into CI/CD pipelines

Companies looking to introduce security testing earlier into software development must look past myths and understand what to realistically expect before creating their strategy. Continue Reading
By
- Dan Cornell
News 08 Dec 2020
Forescout reports 33 new TCP/IP vulnerabilities

The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Nov 2020
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By
- Michael Cobb
Tip 17 Nov 2020
Choosing between proxy vs. API CASB deployment modes

Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading
By
- Ed Moyle, SecurityCurve