Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

VMware patches dangerous security flaw that allows malicious actor with network access to the UI to obtain administrative access without the need to authenticate. [Read More]
ParseThru attack allows HTTP parameter smuggling against Go-based applications, enabling threat actors to conduct unauthorized actions. [Read More]
Cybersleuths at Microsoft discover a link between the recent ‘Raspberry Robin’ USB-based worm attacks and the notorious EvilCorp ransomware operation. [Read More]
In testimony before the the US House Intelligence Committee, security pros at Google and Citizen Lab make fresh calls for a wholesale clampdown on problematic commercial spyware vendors. [Read More]
Redmond's security research teams intercept multiple zero-day attacks attributed to DSIRF, a private cyber mercenary firm operating out of Austria. [Read More]
Reports say a Greek lawmaker in the European Parliament was targeted with malicious links trying to plant the Predator spyware program. [Read More]
A major security vulnerability in the open source PrestaShop software is being exploited in the wild and approximately 300,000 merchant shops are at risk. [Read More]
SonicWall ships urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the defect exposes businesses to remote hacker attacks. [Read More]
Researchers at Intezer are documenting the intricacies of Lightning Framework, an undetected Swiss Army Knife-like Linux malware capable of installing rootkits. [Read More]
A study of the evolution of cybercrime suggests the threat will only get worse as financially motivated malware gangs start to mimic the operations of legitimate businesses. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.