Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
News
11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Oct 2024
Microsoft repairs 2 zero-days on October Patch Tuesday
Administrators will have to tackle 117 new vulnerabilities, including three rated critical, in this month's batch of security updates. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack
Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
02 Oct 2024
API security maturity model to assess API security posture
As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Definition
02 Oct 2024
What is Android System WebView and should you uninstall it?
Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application. Continue Reading
By- Gavin Wright
- Ben Lutkevich, Site Editor
- Madelyn Bacon, TechTarget
-
News
27 Sep 2024
CUPS vulnerabilities could put Linux systems at risk
Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
26 Sep 2024
5 online payment security best practices for enterprises
Ensuring the security of your company's online payment systems is key to preventing costly attacks, meeting compliance requirements and maintaining customer trust. Continue Reading
-
Feature
26 Sep 2024
CrowdStrike outage explained: What caused it and what’s next
A CrowdStrike update caused a massive IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted, revealing tech reliance risks. Continue Reading
-
News
25 Sep 2024
More Ivanti vulnerabilities exploited in the wild
Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By- Rob Wright, Senior News Director
-
Podcast
24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By- Rob Wright, Senior News Director
-
Tip
23 Sep 2024
ASPM vs. ASOC: How do they differ?
Application security posture management and application security orchestration and correlation tools both aim to secure applications but use different methodologies. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
19 Sep 2024
Platform engineers embrace secrets management tool
Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
18 Sep 2024
Huntress warns of attacks on Foundation Software accounts
The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Sep 2024
Orca: AI services, models falling short on security
New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By- Rob Wright, Senior News Director
-
News
11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches
On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Sep 2024
Four zero-days fixed for September Patch Tuesday
Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security updates for those platforms. Continue Reading
By- Tom Walat, Site Editor
-
Tip
06 Sep 2024
Top API risks and how to mitigate them
While APIs play an essential role in most modern business strategies, they can also introduce serious security threats. Learn some of the top API risks and how to mitigate them. Continue Reading
By- John Burke, Nemertes Research
-
Tip
04 Sep 2024
Use AI threat modeling to mitigate emerging attacks
AI threat modeling can help enterprise security teams identify weaknesses in their AI systems and apps -- and keep bad actors from exploiting them. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
- Alissa Irei, Senior Site Editor
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw
Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By- Rob Wright, Senior News Director
-
Tutorial
27 Aug 2024
How to use Tor -- and whether you should -- in your enterprise
The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise? Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Answer
22 Aug 2024
Are virtual machines safe for end users?
Virtual machine security is a complicated topic because there are many factors that can determine their security posture. Learn how to evaluate these factors. Continue Reading
By- John Powers, Senior Site Editor
-
News
22 Aug 2024
CrowdStrike exec refutes Action1 acquisition reports
A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
22 Aug 2024
How frictionless authentication works in online payments
Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By- Rob Shapland
- Alissa Irei, Senior Site Editor
-
Definition
20 Aug 2024
What is cloud detection and response (CDR)?
Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
-
Tip
19 Aug 2024
CrowdStrike outage lessons learned: Questions to ask vendors
In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
16 Aug 2024
User mode vs. kernel mode: OSes explained
Kernel mode exists to keep user applications from disrupting critical system functions. Learn how each state works and what can happen when an error occurs in kernel mode. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
15 Aug 2024
New deepfake audio detector released as U.S. election nears
The tool can identify AI-generated speech. The release follows wide circulation of deepfakes of vice president Kamala Harris and X owner Elon Musk. Continue Reading
By- Esther Ajao, News Writer
-
News
14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
By- Rob Wright, Senior News Director
-
News
14 Aug 2024
Microsoft corrects six zero-days for August Patch Tuesday
Admins can address most of the zero-days with a cumulative update. But of more concern is the lack of patches for two vulnerabilities demonstrated at the Black Hat conference. Continue Reading
By- Tom Walat, Site Editor
-
Podcast
12 Aug 2024
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
12 Aug 2024
How to conduct a mobile app security audit
To keep corporate and user data safe, IT must continuously ensure mobile app security. Mobile application security audits are a helpful tool to stay on top of data protection. Continue Reading
By -
Tip
12 Aug 2024
How invisible MFA works to reduce UX friction
Traditional MFA provides benefits but tests users' patience. Explore how invisible MFA can make it easier to access resources and reduce MFA fatigue. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Alissa Irei, Senior Site Editor
-
Definition
09 Aug 2024
What is static application security testing (SAST)?
Static application security testing (SAST) is the process of analyzing and testing application source code for security vulnerabilities. Continue Reading
By -
News
08 Aug 2024
Endor Labs ships Java 'Magic Patches' with SCA tools
Upgrade impact analysis and backported fixes will help one enterprise customer make a major Java upgrade manageable and keep compliant with FedRAMP. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
08 Aug 2024
Sysdig Sage early adopters kick the tires on CNAPP AI agents
AI agents in Sysdig Sage add more sophisticated multi-step reasoning than is available with generic LLMs. But it's meant to assist humans, not replace them. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
08 Aug 2024
Wiz researchers hacked into leading AI infrastructure providers
During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
Veracode highlights security risks of GenAI coding tools
At Black Hat USA 2024, Veracode's Chris Wysopal warned of the downstream effects of how generative AI tools are helping developers write code faster. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2024
CrowdStrike details errors that led to mass IT outage
CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
By- Rob Wright, Senior News Director
-
Opinion
06 Aug 2024
Highlights from CloudNativeSecurityCon 2024
This year's Cloud Native Computing Foundation CloudNativeSecurityCon highlighted cloud-native security issues to its many attendees who don't hold security-focused roles. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
05 Aug 2024
CrowdStrike fires back at Delta over outage allegations
After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.' Continue Reading
By- Rob Wright, Senior News Director
-
Definition
01 Aug 2024
What is dynamic application security testing (DAST)?
Dynamic application security testing (DAST) is the process of analyzing a web application in runtime to identify security vulnerabilities or weaknesses. Continue Reading
By -
News
31 Jul 2024
Microsoft confirms DDoS attack disrupted cloud services
Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
29 Jul 2024
8 blockchain-as-a-service providers to have on your radar
You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading
By- Christine Campbell, The Alpha Content Company
- Tony Kontzer
-
Video
29 Jul 2024
An explanation of the CrowdStrike outage
A botched CrowdStrike update triggered a massive outage, affecting airlines, healthcare, banking and transit. Continue Reading
By- Tommy Everson, Assistant Editor
-
News
26 Jul 2024
Researcher says deleted GitHub data can be accessed 'forever'
Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Jul 2024
CrowdStrike: 97% of Windows sensors back online after outage
While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tutorial
25 Jul 2024
How to use PuTTY for SSH key-based authentication
This tutorial on the open source PuTTY SSH client covers how to install it, its basic use and step-by-step instructions for configuring key-based authentication. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
News
24 Jul 2024
CrowdStrike: Content validation bug led to global outage
CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
23 Jul 2024
Risk & Repeat: Faulty CrowdStrike update causes global outage
Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Jul 2024
GitLab users cautiously optimistic on Datadog DevSecOps deal
Datadog is reportedly a suitor for GitLab; existing users understand the rationale for such a deal, but key questions must be answered before they'd adopt deeper integrations. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
22 Jul 2024
Microsoft: Faulty CrowdStrike update affected 8.5M devices
Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
19 Jul 2024
Is today's CrowdStrike outage a sign of the new normal?
A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them. Continue Reading
By- Gabe Knuth, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
19 Jul 2024
Defective CrowdStrike update triggers mass IT outage
A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
18 Jul 2024
What dangling pointers are and how to avoid them
Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
By -
News
16 Jul 2024
AI gateways emerge in response to governance concerns
Enterprise IT investment is pouring into AI, but security and governance remain major stumbling blocks to production. Enter API gateway vendors eager to assist -- and cash in. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
15 Jul 2024
What is an intrusion detection system (IDS)?
An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
-
Definition
12 Jul 2024
Linux Secure Boot
Linux Secure Boot is a Hyper-V feature that Microsoft introduced in Windows 10 and Windows Server 2016. The feature allows specific Linux distributions to boot properly when running in Hyper-V generation 2 virtual machines. Continue Reading
By- Robert Sheldon
- Stephen J. Bigelow, Senior Technology Editor
-
News
09 Jul 2024
Microsoft fixes 2 zero-days in massive July Patch Tuesday
Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Mary K. Pratt
-
Tip
02 Jul 2024
How to secure Azure Functions with Entra ID
Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure Functions with Entra ID to optimize data security? Continue Reading
By- Liam Cleary, SharePlicity
-
News
27 Jun 2024
New Relic CEO sets observability strategy for the AI age
Former Proofpoint CEO sets an AI-focused agenda, including an Nvidia partnership launched this week, while denying layoff rumors and speculation about a merger with Sumo Logic. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
27 Jun 2024
Supply chain attacks conducted through Polyfill.io service
In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
By- Arielle Waldman, News Writer
-
News
26 Jun 2024
Datadog DASH updates push into fresh IT automation turf
A series of product updates at Datadog DASH broke out of the vendor's usual observability domain and into territory held by Atlassian, PagerDuty and others. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
26 Jun 2024
MoveIt Transfer vulnerability targeted amid disclosure drama
Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Jun 2024
JFrog buy bolsters MLOps combo with DevSecOps
JFrog plans to meld AI/ML development with established DevSecOps pipelines through the acquisition of Qwak in a bid to help more enterprise AI apps reach production. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
19 Jun 2024
SUSE Rancher gears up amid VMware-Broadcom 'feeding frenzy'
SUSE Rancher bolsters its bid to capture users dissatisfied with Broadcom's changes to VMware with the acquisition of StackState and other updates to its Prime package. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Podcast
18 Jun 2024
Risk & Repeat: Microsoft under fire again over Recall
Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Jun 2024
EPAM denies link to Snowflake customer attacks
EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
17 Jun 2024
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types
Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes
In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Jun 2024
Congress grills Microsoft president over security failures
Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Jun 2024
Microsoft's Recall changes might be too little, too late
Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs
Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
By- Tim McCarthy, News Writer
-
News
11 Jun 2024
Microsoft delivers 51 fixes for June Patch Tuesday
A critical remote-code execution flaw in Windows and a DoS vulnerability affecting DNS in Windows Server top the list of patching priorities for admins. Continue Reading
By- Tom Walat, Site Editor
-
Tip
10 Jun 2024
8 SaaS security best practices for 2024
SaaS has become ubiquitous. To secure it, take steps to inventory SaaS usage, securely authenticate usage, encrypt data, adopt single sign-on and more. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
07 Jun 2024
How to conduct an API risk assessment and improve security
APIs are essential, but hackers find them attractive targets. A comprehensive API risk assessment strategy helps you identify potential vulnerabilities. Continue Reading
By -
Definition
05 Jun 2024
SUSE Linux Enterprise Server (SLES)
SUSE Linux Enterprise Server (SLES) is a Linux-based server operating system created and maintained by the German-based organization, SUSE. Continue Reading
By- Gavin Wright
- Tim Culverhouse, Site Editor
-
News
03 Jun 2024
Hugging Face tokens exposed, attack scope unknown
After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
03 Jun 2024
Using ChatGPT as a SAST tool to find coding errors
ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading
By- Matthew Smith, Seemless Transition LLC
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
23 May 2024
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Continue Reading
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
21 May 2024
cloud penetration testing
Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses. Continue Reading
By- Char Sample, ICF International
-
Feature
17 May 2024
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
By- Alissa Irei, Senior Site Editor
-
Opinion
16 May 2024
3 reasons Synopsys is selling its app security business
Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry. Continue Reading
By- David Vance
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
14 May 2024
Microsoft handles 2 Windows zero-days on May Patch Tuesday
In addition to the Windows vulnerabilities exploited in the wild, admins should focus on patching multiple flaws in web browsers from Google, Microsoft and Mozilla. Continue Reading
By- Tom Walat, Site Editor
-
News
14 May 2024
Google discloses 2 zero-day vulnerabilities in less than a week
Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
10 May 2024
Patch Tuesday
Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
09 May 2024
'Secure by design' makes waves at RSA Conference 2024
Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
09 May 2024
TikTok bans explained: Everything you need to know
The United States government takes aim at the viral video sharing application TikTok. Continue Reading
By- Ben Lutkevich, Site Editor
-
Definition
08 May 2024
risk-based patch management (RBPM)
Risk-based patch management (RBPM) is an approach to implementing patches to fix software code that prioritizes patches that address security issues posing the highest risk to the organization. Continue Reading
-
Definition
06 May 2024
risk-based vulnerability management (RBVM)
Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk. Continue Reading
-
News
03 May 2024
Cloud campaign intensifies for Atlassian software products
Atlassian plans to continue updating Data Center products, but accelerating cloud updates and migrations touted at Team '24 prompt questions about their long-term future. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
03 May 2024
How remote work is changing patch management
The work-from-home revolution is putting new demands on remote patch management. Here's how to tackle the challenges and make sure your remote workforce is protected. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
01 May 2024
Verizon DBIR: Vulnerability exploitation in breaches up 180%
Verizon said it examined approximately twice as many breaches for the 2024 Data Breach Investigations Report -- 10,626 out of 30,458 total tracked incidents. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
29 Apr 2024
Navigating cloud patch management: Benefits, best practices
Bad actors use malicious code to exploit vulnerabilities, targeting on-demand systems and applications. Having an efficient mechanism to deploy patches in the cloud is critical. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
24 Apr 2024
GitHub vulnerability leaks sensitive security reports
The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
22 Apr 2024
AI, toll fraud and messaging top the list of UC security concerns
AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their unified communications platforms. Continue Reading
By- Irwin Lazar, Metrigy Research
-
Tip
19 Apr 2024
Automated patch management: 9 best practices for success
Automating the patching process is almost a necessity, especially in large organizations. Here's why, plus pros and cons, tips and best practices for keeping systems up to date. Continue Reading