Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Security researchers at Group-IB believe that Chinese nation-state threat actor APT41 performed the cyberattack against aviation IT firm SITA [Read More]
After a major restructuring earlier this year, Akamai hands security leadership reins to 15-year cybersecurity veteran Dr Boaz Gelbord. [Read More]
Recorded Future launches an in-house initiative that sets aside $20 million to invest in seed-stage and Series A startups in the nascent threat-intelligence space. [Read More]
CrowdStrike warns that SonicWall patches released in 2019 do not properly address a vulnerability in the company’s Secure Remote Access (SRA) devices. [Read More]
The GitHub secrets scanning service is looking for potentially leaked credentials in millions of open-source packages. [Read More]
Microsoft warns that attackers are simultaneously deploying TensorFlow pods on multiple Kubernetes clusters to mine cryptocurrency. [Read More]
The new Amazon Sidewalk mesh network links tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poor or unavailable. What are the privacy and security implications? [Read More]
SAP releases patches for a total of 11 security flaws in NetWeaver, five of which are rated high-severity. [Read More]
Patch Tuesday takes on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild. [Read More]
Adobe's June batch of security patches address a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, and the ever-present Adobe Creative Cloud Desktop Application. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.