Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The botnet downloads and installs a Monero miner onto the compromised systems and is also capable of installing a rootkit and executing commands. [Read More]
The Linux Foundation has secured a $10 million investment to expand the operations of the Open Source Security Foundation (OpenSSF). [Read More]
Tech giants Intel and VMware joined the security patch parade this week, rolling out fixes for flaws that expose users to malicious hacker attacks. [Read More]
Apple has published a 30-page threat analysis report to explain why sideloading would pose serious privacy and security risks to iPhone users. [Read More]
Full video of panel discussion from SecurityWeek's 2021 CISO Forum on navigating software bill of materials (SBOM) and supply chain security transparency. [Read More]
Identified in the open source SSH key generation library, the vulnerability affects keys issued using GitKraken versions 7.6.x, 7.7.x, and 8.0.0. [Read More]
Weir Group says the attack forced it to isolate and shut down systems and that engineering applications were only partially restored. [Read More]
Redmond threat hunters technical details on UNC-0343, an Iran-linked apex actor using password spraying to break into Office 365 accounts since at least July 2021. [Read More]
Mondoo plans to use the new funding to accelerate development of its cloud-native platform to provide developers with automated risk assessments. [Read More]
Threat hunters at ESET document a UEFI bootkit capable of hijacking the EFI System Partition (ESP) to maintain persistence on infected Windows machines. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Preston Hogue's picture
This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams.
Ashley Arbuckle's picture
As organizations digitize their business and make these shifts, they need to know what and who they can trust.
Laurence Pitt's picture
By paying just a bit more attention to the permissions you are allowing on your phone or computer, you could protect yourself from a much more significant headache down the road.
Travis Greene's picture
While GDPR doesn’t require encryption, there are four mentions of encryption in GDPR that provide real incentives for organizations to use encryption.
Alastair Paterson's picture
A confluence of factors is putting hundreds of thousands of implementations of Enterprise Resource Planning (ERP) applications at risk of cyber attacks.
Jim Ivers's picture
Applications contain three specific components where vulnerabilities can be found, and each must be tested in a different way for security testing to be complete.
Dan Cornell's picture
As you start to get an idea of what your application portfolio looks like, you then need to start determining the specific risks that applications can expose your organization to.
Alan Cohen's picture
From a security perspective, to create understand application dependencies you need not only to understand the flows and servers, you need to understand the ports and underlying processes.
Preston Hogue's picture
Today an organization may have thousands of apps on the internet, but having thousands of monolithic security devices just isn’t practical.
Dan Cornell's picture
Security cannot exist in a vacuum – it must be integrated with the entirety of an organization’s strategy when it comes to securing development operations.