Vulnerabilities in Apple products alert
Monday, September 30, 2024 by Richard Harris
CERT-In has recently issued Advisory CIAD-2024-0046, highlighting multiple high-severity vulnerabilities in Apple products. The vulnerabilities affect a wide range of Apple software, including iOS versions prior to 18, iPadOS versions prior to 18, macOS Sonoma versions prior to 14.7, macOS Ventura versions prior to 13.7, and the upcoming macOS Sequoia versions prior to ...
iOS Market Insights for EU
Wednesday, September 18, 2024 by Richard Harris
MacPaw released its new report, "iOS Market Insights for EU." The study, conducted by MacPaw’s alternative app marketplace Setapp Mobile, surveyed over 1,200 iOS users across various European Union countries, including France, Germany, and Spain.
iOS Market Insights report by MacPaw, reveals 80% of EU iOS users are open to third-party app stores
...
PhishFlagger anti-phishing email solution released
Monday, August 19, 2024 by Austin Harris
PhishFlagger, a human-compatible patented phishing solution, recently announced its new patented anti-phishing email solution. The solution validates emails through a unique identifier protocol, PhishCounter, which adds a sequential number in the subject line that identifies all outgoing and inbound emails. The easily implemented system also allows recipients to identif...
GenAI cybersecurity assistant lands from IBM
Friday, August 16, 2024 by Freeman Lightner
IBM recently announced the introduction of generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM's watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification,...
Paris 2024 Olympic apps ask for dangerous permissions
Monday, August 12, 2024 by Austin Harris
As Paris city attracted a large number of sports tourists, the apps for the Olympic Games 2024 are tracking them, extracting private data, and peddling it to advertisers and big tech.
According to a report from the Cybernews research team, which selected 12 Android apps relevant to the Olympic Games attendees in Paris and tested their permissions, the apps designed t...
Generative AI in Application Security report from Checkmarx
Monday, August 12, 2024 by Richard Harris
Checkmarx, the in-cloud-native application security provider, has published its Seven Steps to Safely Use Generative AI in Application Security report, which analyzes key concerns, usage patterns, and buying behaviors relating to the use of AI in enterprise application development. The global study exposed the tension between the need to empower both...
EU says Apple breached DMA regulations
Wednesday, July 10, 2024 by Richard Harris
The AP is among outlets reporting that Apple becomes first target of EU’s new digital competition rules aimed at big tech, reporting: “European Union regulators leveled their first charges under the bloc’s new digital competition rulebook, accusing Apple of preventing app makers from pointing users to cheaper options outside its App Store. The European...
Veracode acquires Longbow Security
Thursday, April 18, 2024 by Freeman Lightner
Veracode announced the acquisition of Longbow Security, a security risk management platform for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.
The integration of Longbow in...
App developers urged by ICO to protect user data
Thursday, February 15, 2024 by Freeman Lightner
The Information Commissioner’s Office (ICO) is reminding all app developers to ensure they protect users’ privacy, following the regulator’s review of period and fertility apps.
Last year, the ICO looked closely at period and fertility apps to understand how they process personal data and identify whether there is any negative impact on users as a r...
Secure software development insights from The Linux Foundation
Monday, February 5, 2024 by Richard Harris
The Linux Foundation published a new report, Maintainer Perspectives on Open Source Software Security, based on a survey of OSS maintainers and core contributors, to understand perspectives on OSS security and the uptake and adoption of security best practices by maintainers, core contributors, end users, and other members of the OSS ecosystem.
Maintainer Perspective...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Runtime code review from AppMap enhances productivity
Tuesday, November 14, 2023 by Richard Harris
AppMap has announced its innovative Runtime Code Review solution that will transform software quality and the developer experience. AppMap's mission is to deliver actionable insights to developers where they work, and AppMap continues to deliver on the promise with its latest release for the GitHub Marketplace.
Unexpected runtime defects account fo...
App security threat report results from Digital Ai
Thursday, October 19, 2023 by Richard Harris
Digital.ai announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood o...
Network-based cybersecurity threat detection SDK launches
Monday, October 16, 2023 by Freeman Lightner
Enea has launched the Enea Qosmos Threat Detection SDK. This revolutionary threat detection system has the potential to double performance in network-based cybersecurity solutions.
The Qosmos Threat Detection SDK enables the integration of Enea's flagship deep packet inspection (DPI) engine, Qosmos ixEngine, with core IDS capabilities drawn from Suricata, the wid...
App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of ...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
AppSec 2023 predictions from Oxeye Security
Wednesday, February 8, 2023 by Freeman Lightner
Oxeye, the provider of award-winning cloud-native application security, announced five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications resulting in the need for new and more ef...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Austin Harris
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers through experience or gut instinct will demand that their mobile app providers deliver key security features including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
Open Bug Bounty has fixed 1 million vulnerabilities
Monday, November 7, 2022 by Brittany Hainzinger
Open Bug Bounty is an open, disintermediated, cost-free, and community-driven Bug Bounty platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. It passed the milestone on 27 October of fixing over 1,000,000 web security vulnerabilities.
The Open Bug Bounty project enables website owners to receive advice and support from&n...
Traceable AI and ArmorCode integration
Wednesday, August 24, 2022 by Brittany Hainzinger
ArmorCode has announced an integration with Traceable AI which will bring its data into the ArmorCode platform and improve Application Security Posture from code to cloud.
To move at the speed of business, modern applications are increasingly powered by APIs to deliver functionality. The challenge is that each new API must be secured and as the number of APIs in...
ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
AppSecCon 2022 dates
Monday, May 9, 2022 by Freeman Lightner
The Purple Book Community, a community of top security leaders, announced that AppSecCon 2022 will take place May 18-19, 2022. The virtual event is expected to host thousands of leading security professionals from around the world.0
AppSecCon 2022 dates
When: May 18-19, 2022 from 9 a.m. to 2 p.m. (PT) each day
Where: Virtual Conference, Register Today! Presenta...
App modernization in 2022
Monday, January 10, 2022 by Brittany Hainzinger
Ajay Patel is the General Manager for VMware’s Modern Applications & Management Business with the mission to be the leader in application modernization, cloud-native application development, and multi-cloud management through VMware Tanzu and vRealize portfolio.
Ajay has over 30 years of enterprise software expertise. Ajay previously served as the Treasurer...
Increase developer productivity in 2022
Sunday, January 9, 2022 by Freeman Lightner
Patrick Jean is the CTO at OutSystems, where he's focused on building a great engineering culture where motivated people are free to unleash their passion doing meaningful work. With more than 20 years of engineering leadership experience, he has led multiple high-stakes, cloud transformation initiatives at SaaS providers, blending customer focus, inspired developme...
Cloud provider trends in 2022
Thursday, January 6, 2022 by Brittany Hainzinger
Amir Rapson co-founded vFunction and serves as its CTO, overseeing technology, product, and engineering. Prior to co-founding vFunction in 2017, Amir was GM and VP R&D at WatchDox until its acquisition by Blackberry, where Amir served as a VP of R&D. Prior to WatchDox, Amir held R&D positions at CTERA Networks and at SofaWare (Acquired by Check Point). Amir ...
Cloud and cyber asset management trends for 2022
Thursday, January 6, 2022 by Richard Harris
Companies have been racing to mature their technologies and pursue digital transformations in the last few years, as a way to gain or maintain competitive advantage and resilience. This has led to an emerging area of focus: cyber asset management. Organizations are now taking inventory of their IT infrastructure and prioritizing more agile cyber asset management process...
Software industry predictions in 2022 from Infragistics
Tuesday, January 4, 2022 by Richard Harris
The Infragistics experts Jason Beres, Tobias Komischke, and Dean Guida share their 2022 software industry predictions about Low-Code/No-Code, App Builders, Big Data/Embedded Analytics, UI/UX Design, Data Catalogs, and Digital Transformations.
“The biggest DevOps trend for 2022 will be low-code no-code tools that save developers time and money. Rather than being...
5G 2022 predictions from EdgeQ
Tuesday, January 4, 2022 by Richard Harris
Vinay Ravuri, CEO at EdgeQ shares his predictions for 2022 about the cloudification of 5G, the death of Moore's law, 5G & AI convergence, and more.
5G will become an essential utility and assumed “natural resource” of infrastructure. Supplying the digital “pipeline” and harnessing data currency will become a focal point of national sec...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Oxeye closes a $5.3 Million seed financing round
Thursday, November 4, 2021 by Brittany Hainzinger
Oxeye announced the closing of a $5.3 Million seed financing round led by MoreVC, a seed-stage venture capital fund in Israel. The latest round includes support from i3 Equity Partners, and other cybersecurity focused investors as the company prepares to protect the world’s most popular Web applications with next-generation cloud-native Application Security Testin...
Promon partners with F5 to simplify mobile SDK integration
Wednesday, October 27, 2021 by Austin Harris
Promon, the Oslo-based app security company announced its partnership with F5, the multi-cloud application security and delivery company. This partnership now enables F5's customers to seamlessly implement the F5 Bot Defense Mobile SDK. The solution provides developers with the necessary tools to protect their applications from bot attacks utilizing Promon'...
Compliance automation will take center stage this year
Wednesday, May 26, 2021 by Richard Harris
Compliance automation uses artificial intelligence features and technology to make compliance procedures easier - according to most sources on the web, about the meaning of compliance automation.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
Docker desktop for Mac is now available from Docker Inc
Thursday, April 15, 2021 by Brittany Hainzinger
Docker, Inc.™ announced general availability of its much-anticipated Docker Desktop for Mac, enabling developers to leverage the advantages of the latest Macs powered by the M1 chip and extending the reach of their Docker collaborative application development platform to a new architecture.
“This is great news for the many developers who have been clamori...
.jpg)
