Application and platform security
Application and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
News
07 Nov 2024
Google DORA issues platform engineering caveats
As with generative AI, the same techniques that can boost enterprise developer productivity can also slow and destabilize overall software delivery. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
05 Nov 2024
Google Cloud to roll out mandatory MFA for all users
Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
04 Nov 2024
10 API security testing tools to mitigate risk
Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing. Continue Reading
By- Dave Shackleford, Voodoo Security
- Michael Cobb
-
Tip
01 Nov 2024
API security testing checklist: 7 key steps
APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
By- Dave Shackleford, Voodoo Security
- Michael Cobb
-
News
31 Oct 2024
Lottie Player NPM package compromised in supply chain attack
Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By- Arielle Waldman, News Writer
-
News
30 Oct 2024
Microsoft warns of Midnight Blizzard spear phishing campaign
The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Oct 2024
GitHub Copilot Autofix expands as AI snags software delivery
GitHub Copilot Autofix could help vulnerability management keep pace as the volume of AI-generated code swamps delivery processes, but can AI be trusted to rein in AI? Continue Reading
By- Beth Pariseau, Senior News Writer
-
Opinion
29 Oct 2024
Study shows securing SaaS applications growing in importance
Securing all types of SaaS applications ranks high among security pros, but the broad mandate can mean the need for better SaaS security platforms and tools. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Feature
29 Oct 2024
CrowdStrike outage explained: What caused it and what’s next
A CrowdStrike update caused a massive IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted, revealing tech reliance risks. Continue Reading
-
Opinion
28 Oct 2024
Omnissa-CrowdStrike union reunites management and security
Organizations have growing security and management needs, so partnerships between vendors such as the Omnissa-CrowdStrike partnership provide necessary synergy for IT staff. Continue Reading
By- Gabe Knuth, Senior Analyst
-
News
28 Oct 2024
Delta sues CrowdStrike over IT outage fallout
Delta said it suffered $500 million in damages. CrowdStrike said the airline company's claims 'demonstrate a lack of understanding of how modern cybersecurity works.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
28 Oct 2024
What is two-factor authentication (2FA)?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading
By- Paul Kirvan
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
-
Tip
25 Oct 2024
Top 7 mobile device management tools to consider
From device security controls to onboarding features, MDM tools offer a wide range of capabilities. IT teams should explore the options to find the software that fits their needs. Continue Reading
-
News
24 Oct 2024
AWS CDK security issue could lead to account takeovers
Aqua Security researchers discovered AWS Cloud Development Kit is susceptible to an attack vector the vendor refers to as 'shadows resources,' which can put accounts at risk. Continue Reading
By- Rob Wright, Senior News Director
-
News
23 Oct 2024
Fortinet discloses critical zero-day flaw in FortiManager
According to Fortinet, the FortiManager vulnerability 'may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Oct 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M
Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
21 Oct 2024
Security observability, AI require data hygiene in DevSecOps
Sound data management is the heart of observability for security, which guides DevSecOps practices and determines the usefulness of AI apps, New Relic CISO says. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
18 Oct 2024
CI/CD pipeline security: Know the risks and best practices
Rapid release cycles need not compromise the security of an application and supporting infrastructure. Follow these guidelines to ensure security throughout the CI/CD pipeline. Continue Reading
By- Matt Heusser, Excelon Development
-
News
17 Oct 2024
HashiCorp Vault scalability updates target big enterprises
HashiCorp Vault 1.18 updates make it more suited to large companies, which the vendor is courting with a lighter cloud migration push than with Terraform. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
15 Oct 2024
FIDO unveils new specifications to transfer passkeys
The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Oct 2024
Microsoft repairs 2 zero-days on October Patch Tuesday
Administrators will have to tackle 117 new vulnerabilities, including three rated critical, in this month's batch of security updates. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack
Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
02 Oct 2024
API security maturity model to assess API security posture
As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Definition
02 Oct 2024
What is Android System WebView and should you uninstall it?
Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application. Continue Reading
By- Gavin Wright
- Ben Lutkevich, Site Editor
- Madelyn Bacon, TechTarget
-
News
27 Sep 2024
CUPS vulnerabilities could put Linux systems at risk
Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
26 Sep 2024
5 online payment security best practices for enterprises
Ensuring the security of your company's online payment systems is key to preventing costly attacks, meeting compliance requirements and maintaining customer trust. Continue Reading
-
News
25 Sep 2024
More Ivanti vulnerabilities exploited in the wild
Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By- Rob Wright, Senior News Director
-
Podcast
24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By- Rob Wright, Senior News Director
-
Tip
23 Sep 2024
ASPM vs. ASOC: How do they differ?
Application security posture management and application security orchestration and correlation tools both aim to secure applications but use different methodologies. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
19 Sep 2024
Platform engineers embrace secrets management tool
Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
18 Sep 2024
Huntress warns of attacks on Foundation Software accounts
The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Sep 2024
Orca: AI services, models falling short on security
New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By- Rob Wright, Senior News Director
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Sep 2024
Four zero-days fixed for September Patch Tuesday
Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security updates for those platforms. Continue Reading
By- Tom Walat, Site Editor
-
Tip
06 Sep 2024
Top API risks and how to mitigate them
While APIs play an essential role in most modern business strategies, they can also introduce serious security threats. Learn some of the top API risks and how to mitigate them. Continue Reading
By- John Burke, Nemertes Research
-
Tip
04 Sep 2024
Use AI threat modeling to mitigate emerging attacks
AI threat modeling can help enterprise security teams identify weaknesses in their AI systems and apps -- and keep bad actors from exploiting them. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
- Alissa Irei, Senior Site Editor
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw
Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By- Rob Wright, Senior News Director
-
Tutorial
27 Aug 2024
How to use Tor -- and whether you should -- in your enterprise
The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise? Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Answer
22 Aug 2024
Are virtual machines safe for end users?
Virtual machine security is a complicated topic because there are many factors that can determine their security posture. Learn how to evaluate these factors. Continue Reading
By- John Powers, Senior Site Editor
-
News
22 Aug 2024
CrowdStrike exec refutes Action1 acquisition reports
A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
22 Aug 2024
How frictionless authentication works in online payments
Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By- Rob Shapland
- Alissa Irei, Senior Site Editor
-
Definition
20 Aug 2024
What is cloud detection and response (CDR)?
Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
-
Tip
19 Aug 2024
CrowdStrike outage lessons learned: Questions to ask vendors
In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
16 Aug 2024
User mode vs. kernel mode: OSes explained
Kernel mode exists to keep user applications from disrupting critical system functions. Learn how each state works and what can happen when an error occurs in kernel mode. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
15 Aug 2024
New deepfake audio detector released as U.S. election nears
The tool can identify AI-generated speech. The release follows wide circulation of deepfakes of vice president Kamala Harris and X owner Elon Musk. Continue Reading
By- Esther Ajao, News Writer
-
News
14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
By- Rob Wright, Senior News Director
-
News
14 Aug 2024
Microsoft corrects six zero-days for August Patch Tuesday
Admins can address most of the zero-days with a cumulative update. But of more concern is the lack of patches for two vulnerabilities demonstrated at the Black Hat conference. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
12 Aug 2024
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
12 Aug 2024
How to conduct a mobile app security audit
To keep corporate and user data safe, IT must continuously ensure mobile app security. Mobile application security audits are a helpful tool to stay on top of data protection. Continue Reading
-
Tip
12 Aug 2024
How invisible MFA works to reduce UX friction
Traditional MFA provides benefits but tests users' patience. Explore how invisible MFA can make it easier to access resources and reduce MFA fatigue. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Alissa Irei, Senior Site Editor
-
Definition
09 Aug 2024
What is static application security testing (SAST)?
Static application security testing (SAST) is the process of analyzing and testing application source code for security vulnerabilities. Continue Reading
-
News
08 Aug 2024
Endor Labs ships Java 'Magic Patches' with SCA tools
Upgrade impact analysis and backported fixes will help one enterprise customer make a major Java upgrade manageable and keep compliant with FedRAMP. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
08 Aug 2024
Sysdig Sage early adopters kick the tires on CNAPP AI agents
AI agents in Sysdig Sage add more sophisticated multi-step reasoning than is available with generic LLMs. But it's meant to assist humans, not replace them. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
08 Aug 2024
Wiz researchers hacked into leading AI infrastructure providers
During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
Veracode highlights security risks of GenAI coding tools
At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
CrowdStrike details errors that led to mass IT outage
CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
By- Rob Wright, Senior News Director
-
Opinion
06 Aug 2024
Highlights from CloudNativeSecurityCon 2024
This year's Cloud Native Computing Foundation CloudNativeSecurityCon highlighted cloud-native security issues to its many attendees who don't hold security-focused roles. Continue Reading
By- Melinda Marks, Practice Director
-
News
05 Aug 2024
CrowdStrike fires back at Delta over outage allegations
After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.' Continue Reading
By- Rob Wright, Senior News Director
-
Definition
01 Aug 2024
What is dynamic application security testing (DAST)?
Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses. Continue Reading
-
News
31 Jul 2024
Microsoft confirms DDoS attack disrupted cloud services
Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
29 Jul 2024
8 blockchain-as-a-service providers to have on your radar
You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading
By- Christine Campbell, The Alpha Content Company
- Tony Kontzer
-
Video
29 Jul 2024
An explanation of the CrowdStrike outage
A botched CrowdStrike update triggered a massive outage, affecting airlines, healthcare, banking and transit. Continue Reading
By- Tommy Everson, Assistant Editor
-
News
26 Jul 2024
Researcher says deleted GitHub data can be accessed 'forever'
Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Jul 2024
CrowdStrike: 97% of Windows sensors back online after outage
While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tutorial
25 Jul 2024
How to use PuTTY for SSH key-based authentication
This tutorial on the open source PuTTY SSH client covers how to install it, its basic use and step-by-step instructions for configuring key-based authentication. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
News
24 Jul 2024
CrowdStrike: Content validation bug led to global outage
CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
23 Jul 2024
Risk & Repeat: Faulty CrowdStrike update causes global outage
Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Jul 2024
GitLab users cautiously optimistic on Datadog DevSecOps deal
Datadog is reportedly a suitor for GitLab; existing users understand the rationale for such a deal, but key questions must be answered before they'd adopt deeper integrations. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
22 Jul 2024
Microsoft: Faulty CrowdStrike update affected 8.5M devices
Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?
A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them. Continue Reading
By- Gabe Knuth, Senior Analyst
-
News
19 Jul 2024
Defective CrowdStrike update triggers mass IT outage
A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
18 Jul 2024
What dangling pointers are and how to avoid them
Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
-
News
16 Jul 2024
AI gateways emerge in response to governance concerns
Enterprise IT investment is pouring into AI, but security and governance remain major stumbling blocks to production. Enter API gateway vendors eager to assist -- and cash in. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
15 Jul 2024
What is an intrusion detection system (IDS)?
An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
-
Definition
12 Jul 2024
Linux Secure Boot
Linux Secure Boot is a Hyper-V feature that Microsoft introduced in Windows 10 and Windows Server 2016. The feature allows specific Linux distributions to boot properly when running in Hyper-V generation 2 virtual machines. Continue Reading
By- Robert Sheldon
- Stephen J. Bigelow, Senior Technology Editor
-
News
09 Jul 2024
Microsoft fixes 2 zero-days in massive July Patch Tuesday
Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
02 Jul 2024
How to secure Azure Functions with Entra ID
Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure Functions with Entra ID to optimize data security? Continue Reading
By- Liam Cleary, SharePlicity
-
News
27 Jun 2024
New Relic CEO sets observability strategy for the AI age
Former Proofpoint CEO sets an AI-focused agenda, including an Nvidia partnership launched this week, while denying layoff rumors and speculation about a merger with Sumo Logic. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
27 Jun 2024
Supply chain attacks conducted through Polyfill.io service
In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Jun 2024
Datadog DASH updates push into fresh IT automation turf
A series of product updates at Datadog DASH broke out of the vendor's usual observability domain and into territory held by Atlassian, PagerDuty and others. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama
Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Jun 2024
JFrog buy bolsters MLOps combo with DevSecOps
JFrog plans to meld AI/ML development with established DevSecOps pipelines through the acquisition of Qwak in a bid to help more enterprise AI apps reach production. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
19 Jun 2024
SUSE Rancher gears up amid VMware-Broadcom 'feeding frenzy'
SUSE Rancher bolsters its bid to capture users dissatisfied with Broadcom's changes to VMware with the acquisition of StackState and other updates to its Prime package. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Podcast
18 Jun 2024
Risk & Repeat: Microsoft under fire again over Recall
Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Jun 2024
EPAM denies link to Snowflake customer attacks
EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
17 Jun 2024
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types
Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes
In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jun 2024
Congress grills Microsoft president over security failures
Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Jun 2024
Microsoft's Recall changes might be too little, too late
Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs
Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By- Tim McCarthy, News Writer
-
News
11 Jun 2024
Microsoft delivers 51 fixes for June Patch Tuesday
A critical remote-code execution flaw in Windows and a DoS vulnerability affecting DNS in Windows Server top the list of patching priorities for admins. Continue Reading
By- Tom Walat, Site Editor
-
Tip
10 Jun 2024
8 SaaS security best practices for 2024
SaaS has become ubiquitous. To secure it, take steps to inventory SaaS usage, securely authenticate usage, encrypt data, adopt single sign-on and more. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
07 Jun 2024
How to conduct an API risk assessment and improve security
APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
-
Definition
05 Jun 2024
SUSE Linux Enterprise Server (SLES)
SUSE Linux Enterprise Server (SLES) is a Linux-based server operating system created and maintained by the German-based organization, SUSE. Continue Reading
By- Gavin Wright
- Tim Culverhouse, Site Editor
-
News
03 Jun 2024
Hugging Face tokens exposed, attack scope unknown
After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors
ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By- Matthew Smith, Seemless Transition LLC
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
By- Arielle Waldman, News Writer