Vulnerabilities in Apple products alert
Monday, September 30, 2024 by Richard Harris
CERT-In has recently issued Advisory CIAD-2024-0046, highlighting multiple high-severity vulnerabilities in Apple products. The vulnerabilities affect a wide range of Apple software, including iOS versions prior to 18, iPadOS versions prior to 18, macOS Sonoma versions prior to 14.7, macOS Ventura versions prior to 13.7, and the upcoming macOS Sequoia versions prior to ...
GenAI cybersecurity assistant lands from IBM
Friday, August 16, 2024 by Freeman Lightner
IBM recently announced the introduction of generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM's watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification,...
Secure software development education report from the Linux Foundation
Wednesday, August 7, 2024 by Richard Harris
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores&n...
Geo-Fraud Detection mobile app by Appdome
Friday, August 2, 2024 by Freeman Lightner
Appdome announced it has enhanced its Geo-Fraud Detection service to include two new defenses: Geo-Location Fencing and Geo DeSync Attack Detection. Combined with other Geo-Compliance features available on the Appdome platform, mobile app developers and enterprises can eliminate location-based fraud, ensure geo-compliance and deliver location relevant use...
Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
Software delivery lifecycle security predictions from OpsMx
Wednesday, December 20, 2023 by Richard Harris
Heading into 2024, enterprises face mounting security concerns related to data breaches, evolving privacy regulations, and their increasing reliance on the cloud and software service providers. As such, they are under increasing pressure to secure the software delivery lifecycle and better understand where the threats are coming from and what their vulnerabilities are. ...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
How people respond to ransomware attacks
Monday, April 10, 2023 by David Carvalho
Ransomware attackers extorted $456.8 million from victims in 2022, 40% down from the $765.6 million in the previous year. However, before we clink glasses to celebrate victory, there are some significant caveats to consider. The recent hack of Euler Finance where $135 million in staked Ether tokens (stETH), was drained from the protocol, is a case in point. How organiza...
Identity will hold the keys to the kingdom for cybercriminals
Wednesday, February 8, 2023 by Brittany Hainzinger
In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chai...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Christian Hargrave
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers through experience or gut instinct will demand that their mobile app providers deliver key security features including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
Five technology trends to look for in 2023 according to Jitterbit
Friday, January 13, 2023 by Richard Harris
Sometimes the pace of work can get so fast that it can be hard for business leaders to slow down long enough to really scrutinize the technologies and tools that are shuttling their business along. Yet it's crucial to understand the latest technology trends because those technologies are precisely the engines that have the power to help organizations keep up the pac...
Mitigating API attacks in 2022
Wednesday, January 5, 2022 by Richard Harris
Nathanael Coffing, co-founder and CSO of Cloudentity, is also a board member. Nathanael has over 20 years of management and architecture experience across identity, security, microservices, and IT domains. Prior to founding Cloudentity, he founded OrchIS.io and helped build numerous technology startups leveraging his experience at Sun, Oracle, Imperva, Washington Mutual...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Christian Hargrave
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place during September 13 - September 19 and it is a great time to engage everyone into coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
Being careful about 3rd party APIs
Monday, August 24, 2020 by Ameya Talwalkar
Over the past couple of years, we’ve seen a marked shift in the nature of API traffic from being largely driven by human actions to be increasingly machine-driven. While it used to take a human to click something on a website to trigger an API call and response, there are now sites and apps where upwards of 98% of total traffic is the result of bots -- some legiti...
Best Practices for Kubernetes deployments from Portshift
Monday, January 27, 2020 by Richard Harris
Portshift presents five security best practices for DevOps and development professionals managing Kubernetes deployments. Integrating these security measures into the CI/CD pipeline will assist organizations in the detection and remediation of security issues earlier in the development process, allowing faster and shorter cycles while assuring safe and secure deployment...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
API Manager 3 from WSO2 released
Monday, November 18, 2019 by Richard Harris
APIs are the essential building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving new demands for organizations to create and monetize APIs and API products; maximize adoption and reuse across internal and external portals and API marketplaces; and ensure API s...
Crowdsourced security and bug bounty adoption is spreading
Monday, May 20, 2019 by Richard Harris
There continues to be a fundamental imbalance in cybersecurity. Attackers are finding new ways to penetrate cyber defenses as targets proliferate to the cloud, mobile, and connected devices. Defenders need to take a proactive security approach.
The evolving threat landscape and the ever-widening security skills gap are giving rise to new approaches such as crowdsourc...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax Breach. In 2018, Under Armor said that that it's My Fitness Pal app was hacked, affecting...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
Detect eavesdropping in your mobile app with TrustKit
Wednesday, July 11, 2018 by Christian Hargrave
Data Theorem, Inc. announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights. In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 p...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
Rapid production debugging solution launches by Rookout
Monday, April 30, 2018 by Richard Harris
Rookout has announced their launch and $4.2 million in funding by TLV Partners and Emerge. Using Rookout, a company can tackle bugs and understand issues by collecting and pipelining data on-demand, without any need for coding, re-deploying or restarting their applications.Tackling a bug or an issue often means writing extra code, testing it, getting it approved, pushin...
Forrester recognizes Prevoty for it's RASP
Monday, April 2, 2018 by Richard Harris
Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...
Progressive web apps vs native apps: Showdown in 2018
Thursday, March 1, 2018 by Andrew Gazdecki
Apps have become an integral part of any brand's digital marketing efforts. You'd be hard-pressed to find a company that hasn't, at the very least, thought about developing an app. It would be even more difficult to find a company willing to deny the tremendous impact that an app can have on a brand's engagement and customer experience.
Given th...
IBM Linuxonly mainframe delivers breakthrough security
Friday, September 15, 2017 by Richard Harris
IBM unveiled their LinuxONE Emperor II, the next generation of its family of Linux-only enterprise systems, which delivers new capabilities aimed at helping organizations rapidly and securely address unpredictable data and transaction growth.A key feature of the new LinuxONE Emperor II, IBM Secure Service Container is an exclusive LinuxONE technology that represents a l...
Tips for securing container deployments
Friday, September 1, 2017 by Richard Harris
Container deployments are still susceptible to the regular threats that other types of deployments are - including DDoS and cross-site scripting attacks. In fact, hackers often take advantage of compromised containers to scan sensitive data, download malware, or privilegeunauthorized access to any of your containers, hosts or data centers.Fei Huang is the CEO of NeuVect...
VASCO launches overlay detection in DIGIPASS
Thursday, June 22, 2017 by Richard Harris
VASCO Data Security International, Inc., a provider of identity, security and business productivity solutions, has announced its ability to help organizations detect and mitigate mobile application overlay attacks through added functionality in the DIGIPASS for Apps Runtime Application Self-Protection (RASP) module.Overlay attacks are increasingly being deployed to stea...
Many fintech DevOps are not enforcing security
Tuesday, June 6, 2017 by Christian Hargrave
Venafi has announced the results of a study on the cryptographic security practices of DevOps teams in the financial services industry. Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, whi...
The Netflix hack: A chat about securing your company
Wednesday, May 10, 2017 by Richard Harris
As the digital transformation progresses onwards, the unfortunate side effects are becoming blatantly obvious in the news. It seems like every other day that some new big box company, political party, or individual has their information compromised. But even though only the few biggest companies get the real media attention, hundreds of millions of hacking attempts are ...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
ImmuniWeb Mobile launches to offer better mobile security testing
Wednesday, March 15, 2017 by Richard Harris
High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...