Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months. [Read More]
The Danish wind turbine manufacturer confirms a cyber attack has impacted parts of internal internal IT infrastructure and that data has been compromised. [Read More]
The newly discovered Android banking trojan targets international banks and five different cryptocurrency services. [Read More]
Microsoft's threat hunters have caught Iranian threat actors breaking into IT services shops in India and Israel and stealing credentials for downstream software supply chain attacks. [Read More]
Public cloud data protection provider Laminar has emerged from stealth with $32 million in Series A funding led by Insight Partners. [Read More]
Google paid roughly $60,000 in bug bounty rewards to the external security researchers reporting high-severity vulnerabilities in Chrome. [Read More]
Researchers showcase new attack that relies on non-uniform and frequency-based Rowhammer access patterns to bypass Target Row Refresh (TRR) on DDR4 DRAM. [Read More]
Redmond says the evasive malware delivery method is being leveraged in attacks to deliver remote access Trojans (RATs), banking malware, and other malicious payloads. [Read More]
Cloudflare said the multi-vector distributed denial of service attack combined DNS amplification attacks and UDP floods and lasted just one minute. [Read More]
Chipmakers Intel and AMD release patches for multiple vulnerabilities in multiple products, including a series of high severity issues in software drivers. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.