Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Tip 18 Apr 2025
Try these strategies to modernize Windows workloads

Legacy applications create tough choices for admins who must balance business needs and security. This article covers these challenges and modernization strategies. Continue Reading
By
- Dwayne Rendell, Triskele Labs
News 18 Apr 2025
Availity eyes GitLab Duo with Amazon Q for code refactoring

The healthcare network's release engineering team is testing the new AI agent pairing to help with code consolidation, modernization and risk mitigation. Continue Reading
By
- Beth Pariseau, Senior News Writer

Tip 29 Apr 2024
Navigating cloud patch management: Benefits, best practices

Bad actors use malicious code to exploit vulnerabilities, targeting on-demand systems and applications. Having an efficient mechanism to deploy patches in the cloud is critical. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 24 Apr 2024
GitHub vulnerability leaks sensitive security reports

The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix. Continue Reading
By
- Arielle Waldman, News Writer
Tip 22 Apr 2024
AI, toll fraud and messaging top the list of UC security concerns

AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their unified communications platforms. Continue Reading
By
- Irwin Lazar, Metrigy Research
Tip 19 Apr 2024
Automated patch management: 9 best practices for success

Automating the patching process is almost a necessity, especially in large organizations. Here's why, plus pros and cons, tips and best practices for keeping systems up to date. Continue Reading
By
- Andy Patrizio
News 18 Apr 2024
GitLab Duo plans harness growing interest in platform AI

GitLab's next release will tie its Duo AI tools to the full DevSecOps pipeline in a bid to capitalize on increased interest in AI automation among platform engineers. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Apr 2024
CrowdStrike extends cloud security to Mission Cloud customers

CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Apr 2024
DHS funding breathes fresh life into SBOMs

Protobom, now an OpenSSF sandbox project, is the first of multiple software supply chain security efforts funded under the Silicon Valley Innovation Program. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 16 Apr 2024
How to conduct security patch validation and verification

Learn about the validation and verification phases of the security patch deployment cycle, two key steps to ensuring an organization's patch management procedure is proactive. Continue Reading
By
- Michael Cobb, Felicia Nicastro
Tip 15 Apr 2024
Key software patch testing best practices

Every company has to update and patch its software, but without careful testing, serious problems can occur. Here's how to make sure you're following the right steps. Continue Reading
By
- Michael Cobb
News 12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails

CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Apr 2024
Supply chain attack abuses GitHub features to spread malware

Checkmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious code. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 10 Apr 2024
Identity, data security expectations for RSA Conference 2024

Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Apr 2024
Microsoft corks Windows zero-day on April Patch Tuesday

The company delivered one of its largest security update releases in recent years with a proxy driver spoofing vulnerability topping the patching priority list. Continue Reading
By
- Tom Walat, Site Editor
News 09 Apr 2024
Unit 42: Malware-initiated scanning attacks on the rise

Palo Alto Networks' research team warned of threat actors compromising one victim and then using that victim's resources to discreetly scan for vulnerabilities on other systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 09 Apr 2024
Why the Keitaro TDS keeps causing security headaches

Keitaro insists it is on the side of the law, but threat actors continue to flock to the software company's traffic distribution system to redirect users to malicious domains. Continue Reading
By
- Rob Wright, Senior News Director
News 04 Apr 2024
Infosec professionals praise CSRB report on Microsoft breach

Security professionals and executives weigh in on how the Cyber Safety Review Board handled its investigation into Microsoft and what it could mean for the tech giant. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 04 Apr 2024
10 enterprise patch management best practices

It might not be the most exciting responsibility, but the value of a well-executed patch management strategy can't be denied. Use these best practices to build a smooth process. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 04 Apr 2024
The ultimate guide to mobile device security in the workplace

Mobile devices provide connectivity for employees to access business data and communicate with colleagues, but these unique benefits come with specific security challenges for IT. Continue Reading
By
- John Powers, Senior Site Editor
News 03 Apr 2024
Cyber Safety Review Board slams Microsoft security failures

The Department of Homeland Security's Cyber Safety Review Board said a 'cascade' of errors at Microsoft allowed nation-state hackers to access U.S. government emails last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Apr 2024
GitHub Actions-hosted runners tie in Azure private networks

Private network support is also planned for AWS and Google Cloud Platform, but industry watchers see a power play for Microsoft Azure in GitHub Actions updates this week. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 01 Apr 2024
XZ backdoor discovery reveals Linux supply chain attack

A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two years. Continue Reading
By
- Rob Wright, Senior News Director
- Alexander Culafi, Senior News Writer
News 29 Mar 2024
Typosquatting campaign, malicious packages slam PyPI

Threat actors used automated typosquatting attacks to lead victims to malicious python packages in yet another campaign targeting the open-source software supply chain. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 27 Mar 2024
See what's coming in Windows Server 2025

Microsoft plans several changes to the upcoming version of Windows Server that promise more financial flexibility and boosts in security and workload performance. Continue Reading
By
- Brien Posey
Opinion 27 Mar 2024
Cybersecurity highlights from KubeCon + CloudNativeCon Europe

New AI features took the spotlight at the conference, but security teams must prepare to support AI use with the right policies, controls and access. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 26 Mar 2024
Top.gg supply chain attack highlights subtle risks

Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
News 22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips

Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
By
- Rob Wright, Senior News Director
Tutorial 22 Mar 2024
Fuzzy about fuzz testing? This fuzzing tutorial will help

Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 21 Mar 2024
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
News 18 Mar 2024
Cisco lays out security, observability plans for Splunk

Cisco disclosed broad integration plans for its $28 billion acquisition of Splunk, now officially closed, that will encompass AI, security, observability and networking. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Mar 2024
GitOps users warned to patch 3 new Argo CD CVEs

Three recently identified vulnerabilities, one designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 15 Mar 2024
CISA software supply chain security form omits SBOMs

Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs' spotlight is fading and big risks remain, experts said. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 14 Mar 2024
JetBrains, Rapid7 clash over vulnerability disclosure policies

In a blog post this week, JetBrains argued that attacks on TeamCity customers were the result of Rapid7 publishing the full technical details of two critical vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Mar 2024
March Patch Tuesday fixes critical Hyper-V vulnerabilities

Microsoft also corrects a remote code execution flaw on Exchange Server and issues an advisory related to changes with an outdated file-scanning feature on the messaging platform. Continue Reading
By
- Tom Walat, Site Editor
News 12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws

Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Mar 2024
5 PaaS security best practices to safeguard the app layer

Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 08 Mar 2024
How to create a local admin account with Microsoft Intune

Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By
- Brien Posey
Feature 08 Mar 2024
GenAI risks, rewards arise for DevOps and platform engineers

From chatbots that alleviate pressure on IT help desks to full-fledged LLMOps, DevOps and platform teams are at the forefront of enterprise generative AI adoption. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities

CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Feb 2024
New Nvidia, GitHub AI coding assistants expand devs' options

GitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants. But caution, especially with security, is still warranted. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws

Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code

Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
By
- Rob Wright, Senior News Director
News 22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage

Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Feb 2024
firewall as a service (FWaaS)

Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By
- Paul Kirvan
- Mike Chapple, University of Notre Dame
News 15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues

In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Feb 2024
February Patch Tuesday corrects two Windows zero-days

Administrators should focus on quickly deploying a critical vulnerability in Microsoft Outlook and exercising caution when applying an Exchange Server 2019 cumulative update. Continue Reading
By
- Tom Walat, Site Editor
Definition 12 Feb 2024
crisis management plan (CMP)

A crisis management plan (CMP) outlines how an organization should respond to a critical situation that if left unaddressed, could negatively affect its profitability, reputation or ability to operate. Continue Reading
By
- Rahul Awati
- Nick Barney, Technology Writer
- Paul Crocetti, Executive Editor
News 07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years

A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021

After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack

The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
By
- Rob Wright, Senior News Director
News 16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation

Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack

Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jan 2024
Microsoft starts year with a subdued January Patch Tuesday

For the second month in a row, Microsoft had no zero-days and relatively few vulnerabilities for administrators to address. Continue Reading
By
- Tom Walat, Site Editor
Definition 09 Jan 2024
sandbox

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
By
- TechTarget Contributor
News 27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild

On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Dec 2023
Cisco Security Cloud adds Isovalent for multi-cloud networks

The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 21 Dec 2023
Web fuzzing: Everything you need to know

Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps before attackers do. Continue Reading
By
- Rob Shapland
Definition 21 Dec 2023
Zoombombing

Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app. Continue Reading
By
- Corinne Bernstein
News 18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook

During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Dec 2023
business logic

In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled. Continue Reading
By
- Robert Sheldon
- Ivy Wigmore
News 12 Dec 2023
Microsoft delivers light December Patch Tuesday for admins

IT operations teams should prioritize deploying the Windows cumulative update to dispatch a critical MSHTML bug affecting Microsoft Outlook. Continue Reading
By
- Tom Walat, Site Editor
Opinion 12 Dec 2023
Application security consolidation remains nuanced

As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By
- Rob Wright, Senior News Director
News 04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw

Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites

Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
By
- Rob Wright, Senior News Director
News 29 Nov 2023
Okta: Support system breach affected all customers

Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 20 Nov 2023
Security continues to lag behind cloud app dev cycles

Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags

Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 14 Nov 2023
Microsoft halts 3 zero-days on November Patch Tuesday

Microsoft addresses 67 vulnerabilities, including six critical, and shuts down four bugs in the Exchange Server email platform this month. Continue Reading
By
- Tom Walat, Site Editor
News 14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw

Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Nov 2023
Generative AI brings changes to cloud-native platforms

Generative AI took over tech in 2023, and cloud-native platforms are no exception. The need to support LLMs is already affecting CNCF projects, including Kubernetes. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability

SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Nov 2023
Atlassian Confluence vulnerability under widespread attack

Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Nov 2023
Intel exec affixes OpenSSF, CNCF open source security efforts

Intel's Arun Gupta, now governing board chair of both the CNCF and OpenSSF, discusses his plans to bring all three organizations together to improve open source security. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws

Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 06 Nov 2023
multisig (multisignature)

Multisig, also called multisignature, is the requirement for a transaction to have two or more signatures before it can be executed. Continue Reading
By
- Rahul Awati
- Mary K. Pratt
News 02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security

In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Nov 2023
Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type

Microsoft published patches to address all 117 Microsoft 365 Apps flaws disclosed Tuesday, and the tech giant has disabled support for SketchUp, or SKP, 3D model files. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 01 Nov 2023
authentication

Authentication is the process of determining whether someone or something is who or what they say they are. Continue Reading
By
- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
News 31 Oct 2023
No patches yet for Apple iLeakage side-channel attack

Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Oct 2023
virtualization-based security (VBS)

Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware. Continue Reading
By
- Rahul Awati
- Colin Steele
Definition 30 Oct 2023
supercookie

A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits. Continue Reading
By
- Rahul Awati
- Madelyn Bacon, TechTarget
Tip 30 Oct 2023
What an email security policy is and how to build one

Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 24 Oct 2023
1Password stops attack linked to Okta breach

1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Oct 2023
Okta customer support system breached via stolen credentials

During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By
- Arielle Waldman, News Writer
Tip 20 Oct 2023
How to work with the new Windows LAPS feature

Microsoft updated this automated method to manage and back up passwords for local administrator accounts on Windows desktop and server systems. See what's new with Windows LAPS. Continue Reading
By
- Brien Posey
News 19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability

While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Oct 2023
Prisma Cloud analytics, automation boost DevSecOps speed

Prisma Cloud's Darwin update looks to address DevSecOps communication and velocity lags with centralized analytics and by ditching tickets for automated pull requests. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)

A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By
- Rahul Awati
Tip 17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges

Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 10 Oct 2023
Microsoft tackles three zero-days for October Patch Tuesday

The company releases fixes for several products affected by the HTTP/2 "Rapid Reset" vulnerability to help curb widespread Distributed Denial-of-Service attacks. Continue Reading
By
- Tom Walat, Site Editor
News 04 Oct 2023
Critical Atlassian Confluence zero-day flaw under attack

Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Oct 2023
Docker Scout GA leads 'local plus cloud' push

Docker Scout replaces open source Docker Scan with an event-driven vulnerability management system in a bid to boost the vendor's value beyond developers' local laptops. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 03 Oct 2023
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers

Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 03 Oct 2023
security posture

Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Linda Rosencrance
News 02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws

The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Sep 2023
How to use Wireshark to sniff and scan network traffic

Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By
- Ed Moyle, SecurityCurve