Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 21 Nov 2024
WasmCloud makes strides with Wasm component model

After a stall in 2023, this year's WASI Preview 2 pushed server-side WebAssembly forward, turning heads at companies such as American Express -- but it's far from mainstream use. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 21 Nov 2024
Rethinking 'secure by design' amid slippery SecOps shifts

An expert discusses the fallout from a CISA report that raised doubts about the last decade's DevSecOps trend, and where the industry goes from here. Continue Reading
By
- Beth Pariseau, Senior News Writer

News 21 Nov 2024
IT pros revise pipelines for software supply chain security

Software supply chain security has reached an awkward stage for enterprise IT, as platform and security pros grapple with adding upstream tools to existing workflows. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack

The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By
- Arielle Waldman, News Writer
Tip 20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM

Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor
News 07 Nov 2024
Google DORA issues platform engineering caveats

As with generative AI, the same techniques that can boost enterprise developer productivity can also slow and destabilize overall software delivery. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 05 Nov 2024
Google Cloud to roll out mandatory MFA for all users

Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Nov 2024
10 API security testing tools to mitigate risk

Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
Tip 01 Nov 2024
API security testing checklist: 7 key steps

APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
News 31 Oct 2024
Lottie Player NPM package compromised in supply chain attack

Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Oct 2024
Microsoft warns of Midnight Blizzard spear phishing campaign

The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Oct 2024
GitHub Copilot Autofix expands as AI snags software delivery

GitHub Copilot Autofix could help vulnerability management keep pace as the volume of AI-generated code swamps delivery processes, but can AI be trusted to rein in AI? Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 29 Oct 2024
Study shows securing SaaS applications growing in importance

Securing all types of SaaS applications ranks high among security pros, but the broad mandate can mean the need for better SaaS security platforms and tools. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 29 Oct 2024
CrowdStrike outage explained: What caused it and what’s next

A CrowdStrike update caused a massive IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted, revealing tech reliance risks. Continue Reading
By
- Sean Michael Kerner
Opinion 28 Oct 2024
Omnissa-CrowdStrike union reunites management and security

Organizations have growing security and management needs, so partnerships between vendors such as the Omnissa-CrowdStrike partnership provide necessary synergy for IT staff. Continue Reading
By
- Gabe Knuth, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 28 Oct 2024
Delta sues CrowdStrike over IT outage fallout

Delta said it suffered $500 million in damages. CrowdStrike said the airline company's claims 'demonstrate a lack of understanding of how modern cybersecurity works.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Oct 2024
What is two-factor authentication (2FA)?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading
By
- Paul Kirvan
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
Tip 25 Oct 2024
Top 7 mobile device management tools to consider

From device security controls to onboarding features, MDM tools offer a wide range of capabilities. IT teams should explore the options to find the software that fits their needs. Continue Reading
By
- Gary Olsen
News 24 Oct 2024
AWS CDK security issue could lead to account takeovers

Aqua Security researchers discovered AWS Cloud Development Kit is susceptible to an attack vector the vendor refers to as 'shadows resources,' which can put accounts at risk. Continue Reading
By
- Rob Wright, Senior News Director
News 23 Oct 2024
Fortinet discloses critical zero-day flaw in FortiManager

According to Fortinet, the FortiManager vulnerability 'may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Oct 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M

Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 21 Oct 2024
Security observability, AI require data hygiene in DevSecOps

Sound data management is the heart of observability for security, which guides DevSecOps practices and determines the usefulness of AI apps, New Relic CISO says. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 18 Oct 2024
CI/CD pipeline security: Know the risks and best practices

Rapid release cycles need not compromise the security of an application and supporting infrastructure. Follow these guidelines to ensure security throughout the CI/CD pipeline. Continue Reading
By
- Matt Heusser, Excelon Development
News 17 Oct 2024
HashiCorp Vault scalability updates target big enterprises

HashiCorp Vault 1.18 updates make it more suited to large companies, which the vendor is courting with a lighter cloud migration push than with Terraform. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 15 Oct 2024
FIDO unveils new specifications to transfer passkeys

The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery

More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Oct 2024
Microsoft repairs 2 zero-days on October Patch Tuesday

Administrators will have to tackle 117 new vulnerabilities, including three rated critical, in this month's batch of security updates. Continue Reading
By
- Tom Walat, Site Editor
Podcast 08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?

Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack

Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By
- Arielle Waldman, News Writer
Feature 02 Oct 2024
API security maturity model to assess API security posture

As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 02 Oct 2024
What is Android System WebView and should you uninstall it?

Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application. Continue Reading
By
- Gavin Wright
- Ben Lutkevich, Site Editor
- Madelyn Bacon, TechTarget
News 27 Sep 2024
CUPS vulnerabilities could put Linux systems at risk

Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems. Continue Reading
By
- Arielle Waldman, News Writer
Tip 26 Sep 2024
5 online payment security best practices for enterprises

Ensuring the security of your company's online payment systems is key to preventing costly attacks, meeting compliance requirements and maintaining customer trust. Continue Reading
By
- Amanda Scheldt
News 25 Sep 2024
More Ivanti vulnerabilities exploited in the wild

Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By
- Rob Wright, Senior News Director
Podcast 24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?

Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By
- Rob Wright, Senior News Director
Tip 23 Sep 2024
ASPM vs. ASOC: How do they differ?

Application security posture management and application security orchestration and correlation tools both aim to secure applications but use different methodologies. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 19 Sep 2024
Platform engineers embrace secrets management tool

Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Sep 2024
Huntress warns of attacks on Foundation Software accounts

The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Sep 2024
Orca: AI services, models falling short on security

New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks

Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By
- Rob Wright, Senior News Director
News 11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches

On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Sep 2024
Four zero-days fixed for September Patch Tuesday

Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security updates for those platforms. Continue Reading
By
- Tom Walat, Site Editor
Tip 06 Sep 2024
Top API risks and how to mitigate them

While APIs play an essential role in most modern business strategies, they can also introduce serious security threats. Learn some of the top API risks and how to mitigate them. Continue Reading
By
- John Burke, Nemertes Research
Tip 04 Sep 2024
Use AI threat modeling to mitigate emerging attacks

AI threat modeling can help enterprise security teams identify weaknesses in their AI systems and apps -- and keep bad actors from exploiting them. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
- Alissa Irei, Senior Site Editor
News 29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns

A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw

Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By
- Rob Wright, Senior News Director
Tutorial 27 Aug 2024
How to use Tor -- and whether you should -- in your enterprise

The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise? Continue Reading
By
- Damon Garn, Cogspinner Coaction
Answer 22 Aug 2024
Are virtual machines safe for end users?

Virtual machine security is a complicated topic because there are many factors that can determine their security posture. Learn how to evaluate these factors. Continue Reading
By
- John Powers, Senior Site Editor
News 22 Aug 2024
CrowdStrike exec refutes Action1 acquisition reports

A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 22 Aug 2024
How frictionless authentication works in online payments

Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By
- Rob Shapland
- Alissa Irei, Senior Site Editor
Definition 20 Aug 2024
What is cloud detection and response (CDR)?

Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
By
- Michael Levan
Tip 19 Aug 2024
CrowdStrike outage lessons learned: Questions to ask vendors

In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur. Continue Reading
By
- Ed Moyle, Drake Software
Tip 16 Aug 2024
User mode vs. kernel mode: OSes explained

Kernel mode exists to keep user applications from disrupting critical system functions. Learn how each state works and what can happen when an error occurs in kernel mode. Continue Reading
By
- Ben Lutkevich, Site Editor
News 15 Aug 2024
New deepfake audio detector released as U.S. election nears

The tool can identify AI-generated speech. The release follows wide circulation of deepfakes of vice president Kamala Harris and X owner Elon Musk. Continue Reading
By
- Esther Ajao, News Writer
News 14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI

GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
By
- Rob Wright, Senior News Director
News 14 Aug 2024
Microsoft corrects six zero-days for August Patch Tuesday

Admins can address most of the zero-days with a cumulative update. But of more concern is the lack of patches for two vulnerabilities demonstrated at the Black Hat conference. Continue Reading
By
- Tom Walat, Site Editor
Podcast 12 Aug 2024
Risk & Repeat: Recapping Black Hat USA 2024

Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Aug 2024
How to conduct a mobile app security audit

To keep corporate and user data safe, IT must continuously ensure mobile app security. Mobile application security audits are a helpful tool to stay on top of data protection. Continue Reading
By
- Will Kelly
Tip 12 Aug 2024
How invisible MFA works to reduce UX friction

Traditional MFA provides benefits but tests users' patience. Explore how invisible MFA can make it easier to access resources and reduce MFA fatigue. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Alissa Irei, Senior Site Editor
Definition 09 Aug 2024
What is static application security testing (SAST)?

Static application security testing (SAST) is the process of analyzing and testing application source code for security vulnerabilities. Continue Reading
By
- Kate Brush
News 08 Aug 2024
Endor Labs ships Java 'Magic Patches' with SCA tools

Upgrade impact analysis and backported fixes will help one enterprise customer make a major Java upgrade manageable and keep compliant with FedRAMP. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 08 Aug 2024
Sysdig Sage early adopters kick the tires on CNAPP AI agents

AI agents in Sysdig Sage add more sophisticated multi-step reasoning than is available with generic LLMs. But it's meant to assist humans, not replace them. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 08 Aug 2024
Wiz researchers hacked into leading AI infrastructure providers

During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2024
Veracode highlights security risks of GenAI coding tools

At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2024
CrowdStrike details errors that led to mass IT outage

CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
By
- Rob Wright, Senior News Director
Opinion 06 Aug 2024
Highlights from CloudNativeSecurityCon 2024

This year's Cloud Native Computing Foundation CloudNativeSecurityCon highlighted cloud-native security issues to its many attendees who don't hold security-focused roles. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 05 Aug 2024
CrowdStrike fires back at Delta over outage allegations

After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.' Continue Reading
By
- Rob Wright, Senior News Director
Definition 01 Aug 2024
What is dynamic application security testing (DAST)?

Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses. Continue Reading
By
- Kate Brush
News 31 Jul 2024
Microsoft confirms DDoS attack disrupted cloud services

Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world. Continue Reading
By
- Arielle Waldman, News Writer
Feature 29 Jul 2024
8 blockchain-as-a-service providers to have on your radar

You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading
By
- Christine Campbell, The Alpha Content Company
- Tony Kontzer
Video 29 Jul 2024
An explanation of the CrowdStrike outage

A botched CrowdStrike update triggered a massive outage, affecting airlines, healthcare, banking and transit. Continue Reading
By
- Tommy Everson, Assistant Editor
News 26 Jul 2024
Researcher says deleted GitHub data can be accessed 'forever'

Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jul 2024
CrowdStrike: 97% of Windows sensors back online after outage

While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Tutorial 25 Jul 2024
How to use PuTTY for SSH key-based authentication

This tutorial on the open source PuTTY SSH client covers how to install it, its basic use and step-by-step instructions for configuring key-based authentication. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 24 Jul 2024
CrowdStrike: Content validation bug led to global outage

CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 23 Jul 2024
Risk & Repeat: Faulty CrowdStrike update causes global outage

Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Jul 2024
GitLab users cautiously optimistic on Datadog DevSecOps deal

Datadog is reportedly a suitor for GitLab; existing users understand the rationale for such a deal, but key questions must be answered before they'd adopt deeper integrations. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 22 Jul 2024
Microsoft: Faulty CrowdStrike update affected 8.5M devices

Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?

A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them. Continue Reading
By
- Gabe Knuth, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 19 Jul 2024
Defective CrowdStrike update triggers mass IT outage

A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe. Continue Reading
By
- Rob Wright, Senior News Director
Tip 18 Jul 2024
What dangling pointers are and how to avoid them

Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
By
- Michael Cobb
News 16 Jul 2024
AI gateways emerge in response to governance concerns

Enterprise IT investment is pouring into AI, but security and governance remain major stumbling blocks to production. Enter API gateway vendors eager to assist -- and cash in. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 15 Jul 2024
What is an intrusion detection system (IDS)?

An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
Definition 12 Jul 2024
Linux Secure Boot

Linux Secure Boot is a Hyper-V feature that Microsoft introduced in Windows 10 and Windows Server 2016. The feature allows specific Linux distributions to boot properly when running in Hyper-V generation 2 virtual machines. Continue Reading
By
- Robert Sheldon
- Stephen J. Bigelow, Senior Technology Editor
News 09 Jul 2024
Microsoft fixes 2 zero-days in massive July Patch Tuesday

Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild. Continue Reading
By
- Rob Wright, Senior News Director
Definition 05 Jul 2024
What is a cyber attack? How they work and how to stop them

A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
Tip 02 Jul 2024
How to secure Azure Functions with Entra ID

Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure Functions with Entra ID to optimize data security? Continue Reading
By
- Liam Cleary, SharePlicity
News 27 Jun 2024
New Relic CEO sets observability strategy for the AI age

Former Proofpoint CEO sets an AI-focused agenda, including an Nvidia partnership launched this week, while denying layoff rumors and speculation about a merger with Sumo Logic. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Jun 2024
Supply chain attacks conducted through Polyfill.io service

In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jun 2024
Datadog DASH updates push into fresh IT automation turf

A series of product updates at Datadog DASH broke out of the vendor's usual observability domain and into territory held by Atlassian, PagerDuty and others. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama

Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jun 2024
JFrog buy bolsters MLOps combo with DevSecOps

JFrog plans to meld AI/ML development with established DevSecOps pipelines through the acquisition of Qwak in a bid to help more enterprise AI apps reach production. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 19 Jun 2024
SUSE Rancher gears up amid VMware-Broadcom 'feeding frenzy'

SUSE Rancher bolsters its bid to capture users dissatisfied with Broadcom's changes to VMware with the acquisition of StackState and other updates to its Prime package. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 18 Jun 2024
Risk & Repeat: Microsoft under fire again over Recall

Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jun 2024
EPAM denies link to Snowflake customer attacks

EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases. Continue Reading
By
- Arielle Waldman, News Writer
Feature 17 Jun 2024
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types

Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes

In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2024
Congress grills Microsoft president over security failures

Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Jun 2024
Microsoft's Recall changes might be too little, too late

Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs

Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By
- Tim McCarthy, News Writer