NEWS & INDUSTRY UPDATES

Software workload protection solutions provider Virsec has raised $100 million in a Series C funding round, which brings the total raised by the company to $137 million.
The German software maker has released patches for a pair of high-severity Netweaver vulnerabilities.
Microsoft’s embattled security response unit uses Patch Tuesday to respond to a new set of Windows zero-day attacks.
Mozilla has released Firefox 90 with several security improvements, including better protections against cross-origin threats, as well as an advanced tracker blocking mechanism.
Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks.
The deal will give Redmond an automatic entry point into the lucrative attack surface management and third party risk-intelligence space.
SolarWinds said a single threat actor exploited flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.”
Cisco issues an advisory with a warning that the vulnerabilities could be exploited by authenticated, remote attackers to gain elevated privileges.
The Republican National Committee says no RNC data was compromised in a cyberattack that involved B2B IT services provider Synnex.
Sophos has acquired Capsule8 to beef up the Linux protection capabilities of its endpoint detection and response product stack.

FEATURES, INSIGHTS // Application Security

Preston Hogue
This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams.
Ashley Arbuckle
As organizations digitize their business and make these shifts, they need to know what and who they can trust.
Laurence Pitt
By paying just a bit more attention to the permissions you are allowing on your phone or computer, you could protect yourself from a much more significant headache down the road.
Travis Greene
While GDPR doesn’t require encryption, there are four mentions of encryption in GDPR that provide real incentives for organizations to use encryption.
Alastair Paterson
A confluence of factors is putting hundreds of thousands of implementations of Enterprise Resource Planning (ERP) applications at risk of cyber attacks.
Jim Ivers
Applications contain three specific components where vulnerabilities can be found, and each must be tested in a different way for security testing to be complete.
Dan Cornell
As you start to get an idea of what your application portfolio looks like, you then need to start determining the specific risks that applications can expose your organization to.
Alan Cohen
From a security perspective, to understand application dependencies you need to understand not only the flows and servers but also the ports and underlying processes.
Preston Hogue
Today an organization may have thousands of apps on the internet, but having thousands of monolithic security devices just isn’t practical.
Dan Cornell
Security cannot exist in a vacuum – it must be integrated with the entirety of an organization’s strategy when it comes to securing development operations.