ImmuniWeb Neuron web security scanning
Friday, June 10, 2022 by Richard Harris
ImmuniWeb has announced the launch of ImmuniWeb Neuron, a web application and API web security scanning solution that is based on the award-winning ImmuniWeb AI Platform available.
ImmuniWeb Neuron is designed to rapidly scan tens, hundreds, or even thousands of web applications and APIs for vulnerabilities, weaknesses, and misconfigurations. It c...
Metaverse land sale announced by Billionaire Zombies Club
Thursday, June 9, 2022 by Richard Harris
Billionaire Zombies Club (BZC) has officially announced its metaverse land sale. In what has been a rather historic rise for one of the earliest Polygon-based NFT communities, BZC as the community is affectionately known has spawned a rather unique ethos, movement, and aesthetic that now influences projects across the globe.
Since its launch late last year, BZC has s...
Mitigating API attacks in 2022
Wednesday, January 5, 2022 by Richard Harris
Nathanael Coffing, co-founder and CSO of Cloudentity, is also a board member. Nathanael has over 20 years of management and architecture experience across identity, security, microservices, and IT domains. Prior to founding Cloudentity, he founded OrchIS.io and helped build numerous technology startups leveraging his experience at Sun, Oracle, Imperva, Washington Mutual...
Software cyberattack predictions for 2022
Tuesday, January 4, 2022 by Richard Harris
Nigel Thorpe hails from a software development background and moved to the IT security industry with Entrust Technologies during the early days of PKI. His knowledge has benefited a number of security companies in the UK, Canada, and the USA, and he now serves as Technical Director at SecureAge Technology. With a wide range of experience in different business environmen...
StorONE launches backup storage
Friday, November 19, 2021 by Brittany Hainzinger
The latest ransomware variants perform what is known as sleeper attacks, which avoid discovery by slowly infecting data. By the time an organization realizes it is dealing with a ransomware attack, a high percentage of data is encrypted. Modern backup storage needs to not only provide immutability of backup data it must do so, without impacting performance for pote...
Oxeye closes a $5.3 Million seed financing round
Thursday, November 4, 2021 by Brittany Hainzinger
Oxeye announced the closing of a $5.3 Million seed financing round led by MoreVC, a seed-stage venture capital fund in Israel. The latest round includes support from i3 Equity Partners, and other cybersecurity focused investors as the company prepares to protect the world’s most popular Web applications with next-generation cloud-native Application Security Testin...
Offshore software developers risks and advantages
Thursday, October 28, 2021 by Vivien F. Peaden
The onset of COVID-19 has hastened CEOs’ prioritization of digital transformation to future-proof their organizations. This paradigm change is driving the IT outsourcing spend to improve operational agility, integrate new technologies, and achieve cost-savings and faster time-to-market.
Risks and advantages of using offshore software developers
The pandemic ...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts), reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
Faster customer integrations from HackerOne
Thursday, July 29, 2021 by Freeman Lightner
Tray.io has announced that HackerOne is using Tray Embedded to develop and deliver powerful customer integrations at scale. With Tray Embedded, HackerOne quadrupled its integration delivery speed to maximize developer efficiency and reduce the integration maintenance burden. Armed with seamless integrations, HackerOne customers can spend less time context-switching...
Compliance automation will take center stage this year
Wednesday, May 26, 2021 by Richard Harris
Compliance automation uses artificial intelligence features and technology to make compliance procedures easier - according to most sources on the web, about the meaning of compliance automation.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
CircleCI brings privacy enhancements for teams across the enterprise
Monday, February 22, 2021 by Brittany Hainzinger
CircleCI introduced new platform updates to increase the control, protection, privacy, and confidence of today’s engineering teams.
Business leaders are concerned with the growth of remote-only and its impact on security. In fact, research shows 28 percent of leaders in 2020 were anticipated to prioritize improving application security capabilities ...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
Zero trust framework no longer optional 2021 predictions
Tuesday, January 12, 2021 by Brittany Hainzinger
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regula...
API sprawl security concern predictions of 2021 from Volterra
Wednesday, January 6, 2021 by Freeman Lightner
As organizations continue to digitally transform business processes, they are increasingly transitioning from legacy applications to modern, cloud-native apps.
These intricate modern apps feature far more APIs than their predecessors including API sprawl.
Since these apps are built with extensive microservices, many of these APIs are deeply embedded and hidden. Th...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
Linux and LISH release census for open source security
Wednesday, February 19, 2020 by Brittany Hainzinger
The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.
This Census II analysis and report represent important steps towards understanding and addressing structural and s...
Microsoft DART team tracks 77k active web shells
Thursday, February 6, 2020 by Brittany Hainzinger
In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.
According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about...
Data Privacy Day 2020 is here
Tuesday, January 28, 2020 by Richard Harris
Data Privacy Day is here, and with the recent implementation of the California Consumer Privacy Act, the timing could not be better to discuss the importance of taking steps to protect sensitive data while also keeping personal data private and secure.
Similar to GDPR, CCPA will have a profound impact on data privacy and protection, making this year’s Data Priv...
Decentralized technologies solve Illiquidity problems
Tuesday, December 17, 2019 by Richard Harris
Illiquidity is one of the major factors affecting global financial markets. Digitizing new assets and finding corresponding buyers and sellers is difficult and costly. Much has been said about the potential for decentralized technologies to solve these problems, but current offerings fundamentally lack the necessary performance guarantees, feature set, and architectural...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Zero Trust platform from Pulse Secure is enhanced
Tuesday, October 29, 2019 by Richard Harris
Pulse Secure announced that it has introduced new Secure Access management and threat mitigation capabilities within its Zero Trust Network Access platform. Through these enhancements, Pulse Secure enables enterprise and service provider organizations to progress Zero Trust security and mitigate hybrid IT risks while simplifying access to multi-cloud and data center res...
Zeroday vulnerability announced byMcAfee at Defcon
Monday, August 19, 2019 by Richard Harris
At DEFCON, McAfee has announced the discovery of a zero-day vulnerability in a commonly used Delta industrial control system.
The vulnerability found in the Delta enteliBUS Manager could allow malicious actors complete control of the operating system, enabling remote manipulation of access control systems, boiler rooms, temperature control for critical systems and mo...
Elastic Stack 7.3 brings maps and more
Monday, August 5, 2019 by Christian Hargrave
Elastic has delivered Elastic Stack 7.3, which includes some very cool new features such as data frames, anomaly detection, elastic maps, and more. Check out all the highlights of the latest release below.
Elastic Stack 7.3 highlights
Data frames: a new feature that allows users to pivot their Elasticsearch data on the fly to create live entity-centric in...
One click microsegmentation platform from Edgewise
Thursday, June 20, 2019 by Brittany Hainzinger
Edgewise Networks launched its new platform that radically simplifies the creation and management of zero trust environments with one-click microsegmentation. In seconds, companies can stop internal network attacks that have bypassed perimeter defenses. The benefits include a significantly reduced network attack surface, operational efficiency for policy creation and ma...
Making things easy for the developer is ActiveState's mission
Tuesday, April 2, 2019 by Christian Hargrave
ActiveState added enhancements to its ActiveState Platform, a SaaS offering, benefiting contributors, maintainers and users facing challenges with Python and other open source languages.
The new features will give ActiveState Platform account holders the flexibility to fork an existing language distribution and install it into a virtual environment. Developers elimin...
API security testing just got easier with 42Crunch's new scanner
Thursday, March 21, 2019 by Richard Harris
42Crunch officially released the 42Crunch API Platform, an API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices.
This follows the launch of the free API Contract Security Audit tool at APISecurity.io earlier this month. The tool helps API d...
Running applications directly from Cohesity now possible
Monday, March 4, 2019 by Richard Harris
Cohesity announced new capabilities that empower enterprises to run applications from Cohesity as well as third parties directly on the Cohesity DataPlatform. This milestone is a big step forward in empowering enterprises to derive insights from their most valuable business asset, their data.
This is the first time that enterprises are able to run applications ...
This DDoS report could help you avoid a security disaster
Thursday, January 10, 2019 by Christian Hargrave
MazeBolt Technologies, the company offering DDoS threat assessment, has released ”The State of DDoS Protection Report,” the first global independent report about DDoS mitigation effectiveness.
”Since DDoS mitigation started in the late 1990s, enterprises have had little to no visibility on how effective their DDoS mitigation actually is,” said...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax Breach. In 2018, Under Armor said that that it's My Fitness Pal app was hacked, affecting...
What does the Kubernetes privilege escalation flaw mean
Tuesday, December 4, 2018 by Richard Harris
Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.
Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....