Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Podcast
08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack
Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Apr 2024
DHS funding breathes fresh life into SBOMs
Protobom, now an OpenSSF sandbox project, is the first of multiple software supply chain security efforts funded under the Silicon Valley Innovation Program. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
16 Apr 2024
How to conduct security patch validation and verification
Learn about the validation and verification phases of the security patch deployment cycle, two key steps to ensuring an organization's patch management procedure is proactive. Continue Reading
By- Michael Cobb, Felicia Nicastro
-
Tip
15 Apr 2024
Key software patch testing best practices
Every company has to update and patch its software, but without careful testing, serious problems can occur. Here's how to make sure you're following the right steps. Continue Reading
By -
News
12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails
CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Apr 2024
Supply chain attack abuses GitHub features to spread malware
Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
10 Apr 2024
Identity, data security expectations for RSA Conference 2024
Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
09 Apr 2024
Microsoft corks Windows zero-day on April Patch Tuesday
The company delivered one of its largest security update releases in recent years with a proxy driver spoofing vulnerability topping the patching priority list. Continue Reading
By- Tom Walat, Site Editor
-
News
09 Apr 2024
Unit 42: Malware-initiated scanning attacks on the rise
Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
09 Apr 2024
Why the Keitaro TDS keeps causing security headaches
Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
By- Rob Wright, Senior News Director
-
News
04 Apr 2024
Infosec professionals praise CSRB report on Microsoft breach
Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
04 Apr 2024
10 enterprise patch management best practices
It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
04 Apr 2024
The ultimate guide to mobile device security in the workplace
Mobile devices provide connectivity for employees to access business data and communicate with colleagues, but these unique benefits come with specific security challenges for IT. Continue Reading
By- John Powers, Senior Site Editor
-
News
03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures
The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Apr 2024
GitHub Actions-hosted runners tie in Azure private networks
Private network support is also planned for AWS and Google Cloud Platform, but industry watchers see a power play for Microsoft Azure in GitHub Actions updates this week. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
01 Apr 2024
XZ backdoor discovery reveals Linux supply chain attack
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years. Continue Reading
By- Rob Wright, Senior News Director
- Alexander Culafi, Senior News Writer
-
News
29 Mar 2024
Typosquatting campaign, malicious packages slam PyPI
Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
27 Mar 2024
See what's coming in Windows Server 2025
Microsoft plans several changes to the upcoming version of Windows Server that promise more financial flexibility and boosts in security and workload performance. Continue Reading
By -
Opinion
27 Mar 2024
Cybersecurity highlights from KubeCon + CloudNativeCon Europe
New AI features took the spotlight at the conference, but security teams must prepare to support AI use with the right policies, controls and access. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
26 Mar 2024
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
By- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
-
News
22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
By- Rob Wright, Senior News Director
-
Tutorial
22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help
Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
21 Mar 2024
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
-
News
18 Mar 2024
Cisco lays out security, observability plans for Splunk
Cisco disclosed broad integration plans for its $28 billion acquisition of Splunk, now officially closed, that will encompass AI, security, observability and networking. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
18 Mar 2024
GitOps users warned to patch 3 new Argo CD CVEs
Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
15 Mar 2024
CISA software supply chain security form omits SBOMs
Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs' spotlight is fading and big risks remain, experts said. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies
In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Mar 2024
March Patch Tuesday fixes critical Hyper-V vulnerabilities
Microsoft also corrects a remote code execution flaw on Exchange Server and issues an advisory related to changes with an outdated file-scanning feature on the messaging platform. Continue Reading
By- Tom Walat, Site Editor
-
News
12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws
Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
11 Mar 2024
5 PaaS security best practices to safeguard the app layer
Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
08 Mar 2024
How to create a local admin account with Microsoft Intune
Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By -
Feature
08 Mar 2024
GenAI risks, rewards arise for DevOps and platform engineers
From chatbots that alleviate pressure on IT help desks to full-fledged LLMOps, DevOps and platform teams are at the forefront of enterprise generative AI adoption. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 Feb 2024
New Nvidia, GitHub AI coding assistants expand devs' options
GitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants. But caution, especially with security, is still warranted. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code
Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
By- Rob Wright, Senior News Director
-
News
22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now
Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage
Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
15 Feb 2024
firewall as a service (FWaaS)
Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By- Paul Kirvan
- Mike Chapple, University of Notre Dame
-
News
15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Feb 2024
February Patch Tuesday corrects two Windows zero-days
Administrators should focus on quickly deploying a critical vulnerability in Microsoft Outlook and exercising caution when applying an Exchange Server 2019 cumulative update. Continue Reading
By- Tom Walat, Site Editor
-
Definition
12 Feb 2024
crisis management plan (CMP)
A crisis management plan (CMP) outlines how an organization should respond to a critical situation that if left unaddressed, could negatively affect its profitability, reputation or ability to operate. Continue Reading
By- Rahul Awati
- Nick Barney, Technology Writer
- Paul Crocetti, Executive Editor
-
News
07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years
A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
31 Jan 2024
Top 15 email security best practices for 2024
Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
By- Sharon Shea, Executive Editor
- Peter Loshin, Former Senior Technology Editor
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023
During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack
The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
By- Rob Wright, Senior News Director
-
News
16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation
Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
By- Arielle Waldman, News Writer
-
News
11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack
Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Jan 2024
Microsoft starts year with a subdued January Patch Tuesday
For the second month in a row, Microsoft had no zero-days and relatively few vulnerabilities for administrators to address. Continue Reading
By- Tom Walat, Site Editor
-
Definition
09 Jan 2024
sandbox
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
-
News
27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild
On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Dec 2023
Cisco Security Cloud adds Isovalent for multi-cloud networks
The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
21 Dec 2023
Web fuzzing: Everything you need to know
Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps before attackers do. Continue Reading
By -
Definition
21 Dec 2023
Zoombombing
Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app. Continue Reading
-
News
18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook
During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
15 Dec 2023
business logic
In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled. Continue Reading
-
News
12 Dec 2023
Microsoft delivers light December Patch Tuesday for admins
IT operations teams should prioritize deploying the Windows cumulative update to dispatch a critical MSHTML bug affecting Microsoft Outlook. Continue Reading
By- Tom Walat, Site Editor
-
Opinion
12 Dec 2023
Application security consolidation remains nuanced
As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models
Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By- Rob Wright, Senior News Director
-
News
04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw
Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
By- Arielle Waldman, News Writer
-
News
30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites
Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
By- Rob Wright, Senior News Director
-
News
29 Nov 2023
Okta: Support system breach affected all customers
Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
20 Nov 2023
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
14 Nov 2023
Microsoft halts 3 zero-days on November Patch Tuesday
Microsoft addresses 67 vulnerabilities, including six critical, and shuts down four bugs in the Exchange Server email platform this month. Continue Reading
By- Tom Walat, Site Editor
-
News
14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw
Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Nov 2023
Generative AI brings changes to cloud-native platforms
Generative AI took over tech in 2023, and cloud-native platforms are no exception. The need to support LLMs is already affecting CNCF projects, including Kubernetes. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Atlassian Confluence vulnerability under widespread attack
Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Nov 2023
Intel exec affixes OpenSSF, CNCF open source security efforts
Intel's Arun Gupta, now governing board chair of both the CNCF and OpenSSF, discusses his plans to bring all three organizations together to improve open source security. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws
Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
06 Nov 2023
multisig (multisignature)
Multisig, also called multisignature, is the requirement for a transaction to have two or more signatures before it can be executed. Continue Reading
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
By- Arielle Waldman, News Writer
-
News
02 Nov 2023
Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type
Microsoft published patches to address all 117 Microsoft 365 Apps flaws disclosed Tuesday, and the tech giant has disabled support for SketchUp, or SKP, 3D model files. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
01 Nov 2023
authentication
Authentication is the process of determining whether someone or something is who or what they say they are. Continue Reading
By- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
-
News
31 Oct 2023
No patches yet for Apple iLeakage side-channel attack
Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
31 Oct 2023
virtualization-based security (VBS)
Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware. Continue Reading
-
Definition
30 Oct 2023
supercookie
A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits. Continue Reading
By- Rahul Awati
- Madelyn Bacon, TechTarget
-
Tip
30 Oct 2023
What an email security policy is and how to build one
Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
24 Oct 2023
1Password stops attack linked to Okta breach
1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Oct 2023
Okta customer support system breached via stolen credentials
During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
20 Oct 2023
How to work with the new Windows LAPS feature
Microsoft updated this automated method to manage and back up passwords for local administrator accounts on Windows desktop and server systems. See what's new with Windows LAPS. Continue Reading
By -
News
19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Oct 2023
Prisma Cloud analytics, automation boost DevSecOps speed
Prisma Cloud's Darwin update looks to address DevSecOps communication and velocity lags with centralized analytics and by ditching tickets for automated pull requests. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)
A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By -
Tip
17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
10 Oct 2023
Microsoft tackles three zero-days for October Patch Tuesday
The company releases fixes for several products affected by the HTTP/2 "Rapid Reset" vulnerability to help curb widespread Distributed Denial-of-Service attacks. Continue Reading
By- Tom Walat, Site Editor
-
News
04 Oct 2023
Critical Atlassian Confluence zero-day flaw under attack
Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Oct 2023
Docker Scout GA leads 'local plus cloud' push
Docker Scout replaces open source Docker Scan with an event-driven vulnerability management system in a bid to boost the vendor's value beyond developers' local laptops. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
03 Oct 2023
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers
Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
03 Oct 2023
security posture
Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Linda Rosencrance
-
News
02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws
The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Sep 2023
How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By- Ed Moyle, Drake Software
-
News
26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations
According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs
Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
18 Sep 2023
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
14 Sep 2023
CloudBees scales its Jenkins CI, previews SaaS platform
About a year after acquiring ReleaseIQ, CloudBees prepares the fruits of its integration for launch and adds long-awaited scale-out to its commercial version of Jenkins. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
14 Sep 2023
Developer platform Retool breached in vishing attack
A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
By- Arielle Waldman, News Writer