Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

June 28, 2022 28 Jun'22
Ransomware gangs using Log4Shell to attack VMware instances

Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro.
June 23, 2022 23 Jun'22
Chinese HUI Loader malware ups the ante on espionage attacks

A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms.
June 14, 2022 14 Jun'22
Critical Atlassian Confluence flaw remains under attack

Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority.
June 13, 2022 13 Jun'22
Tenable slams Microsoft over Azure vulnerabilities

Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched.

Bring yourself up to speed with our introductory content

7 enterprise patch management best practices

It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process. Continue Reading
How to set up automated log collection with PowerShell

Gathering logs from on-premises Windows Server systems or Office 365 cloud services is a necessary but tedious job. Try a PowerShell script to ease the pain. Continue Reading
Patch Tuesday

Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

An enterprise bug bounty program vs. VDP: Which is better?

Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
How hackers use AI and machine learning to target enterprises

AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading

Learn to apply best practices and optimize your operations.

Top 4 best practices to secure the SDLC

NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
Key software patch testing best practices

Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps? Continue Reading
5 fundamental strategies for REST API authentication

There are various authentication methods for REST APIs, ranging from basic credentials and token encryption to complex, multilayered access control and permissions validation. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
How to mitigate Log4Shell, the Log4j vulnerability

The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading