DevOps threats report released from GitProtect.io
Monday, August 12, 2024 by Brittany Hainzinger
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities,
and, as a result, data loss are the reality that DevSecOps teams have to face...even every
few days.
The State of DevOps threats report - teams affected every few days
GitProtect.io recently presented its studies on the most severe incidents affecting tools like GitHub...
Developers and brands must make mobile apps far more secure
Tuesday, January 17, 2023 by Austin Harris
The bad guys are still breaking digital windows and kicking down digital doors, so to speak, and will continue well into 2023 and beyond!
Consumers, through experience or gut instinct, will demand that their mobile app providers deliver key security features, including trying to stop the increasingly prevalent "man-in-the-middle" attacks. The latest techn...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts) reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
SnykCon 2021 event lineup
Friday, September 24, 2021 by Randall Degges
We're only a few weeks away from SnykCon 2021, Snyk's free annual developer conference that helps you learn how to build applications securely, running October 5-7. We have a packed agenda full of expert talks, hands-on workshops, helpful demos, product roadmaps, opportunities to interact with some of the smartest speakers and leaders of developer security i...
Faster customer integrations from HackerOne
Thursday, July 29, 2021 by Freeman Lightner
Tray.io has announced that HackerOne is using Tray Embedded to develop and deliver powerful customer integrations at scale. With Tray Embedded, HackerOne quadrupled its integration delivery speed to maximize developer efficiency and reduce the integration maintenance burden. Armed with seamless integrations, HackerOne customers can spend less time context-switching...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
Denuvo has joined the PlayStation 5 Tools and Middleware program
Wednesday, March 10, 2021 by Brittany Hainzinger
As security and innovation collide, Denuvo by Irdeto announces it has joined the exclusive PlayStation®5 Tools and Middleware program. Denuvo offers its Anti-Cheat solution through this program to publishers and developers whose games are available on PlayStation®5.
Denuvo is at the forefront of games security with over 2 billion unique game installs pro...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
HackNotice announces threat intelligence platform
Friday, September 18, 2020 by Brittany Hainzinger
HackNotice announced the launch of HackNotice Teams, a cybersecurity management platform powered by actionable threat intelligence and an industry solution to foster a company-wide culture of security. Built on HackNotice Premium’s technology, HackNotice Teams scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in ...
Datagran launches no-code platform
Tuesday, July 14, 2020 by Brittany Hainzinger
Datagran introduced its flagship platform. Designed to empower developers and growth hackers within data-intensive companies, the Datagran platform allows companies to accelerate time-to-market for existing and new products and reduce the total number of tools needed to meet their business goals - without the need to write code and build APIs.
Many companies today ar...
One Identity Safeguard now supports Microsoft SQL Server
Friday, May 1, 2020 by Brittany Hainzinger
One Identity announced that its One Identity Safeguard solution now supports Microsoft SQL Server 2017 and SQL Server 2019 database environments. Microsoft was positioned as a Leader in the 2019 Gartner Magic Quadrant for Operational Database Management Systems. With One Identity Safeguard, organizations can for the first time securely manage, monitor, record and audit...
To encrypt or not encrypt legacy devices no longer a choice
Thursday, March 19, 2020 by Freeman Lightner
Encryption forms a strong layer of protection for our data and a last line of defense against cybercrime. By deploying encryption, users can render their data unreadable if it is compromised. Whether that means hackers intruding into the network, or an employee unwittingly exposing sensitive information, the data will be useless to any unauthorized agents who happe...
Dangers of quantum hacking
Tuesday, February 11, 2020 by Richard Harris
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking.
Using $600 worth of hardware parts easily purchased online or at a local electronics store, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs...
Microsoft DART team tracks 77k active web shells
Thursday, February 6, 2020 by Brittany Hainzinger
In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.
According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, allowing hackers to access private SMS messages and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Threat of quantum computing hackathon to award $100,000
Monday, November 25, 2019 by Richard Harris
Communique Laboratory Inc. launched its quantum hackathon tackling the threat of quantum computing. Cybersecurity companies, computer science students and hackers have begun challenging the Company’s ‘quantum-safe’ encryption in a $100,000 hackathon.
The Company hosted an innovation celebration event with technology presentations from industry...
API Manager 3 from WSO2 released
Monday, November 18, 2019 by Richard Harris
APIs are the essential building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving new demands for organizations to create and monetize APIs and API products; maximize adoption and reuse across internal and external portals and API marketplaces; and ensure API s...
What Render announced at TechCrunch Disrupt SF's Startup Battlefield
Thursday, October 3, 2019 by Freeman Lightner
Render announced three major additions to its platform - Disks, Infrastructure as Code in the form of render.yaml and Deploy To Render button - onstage at TechCrunch Disrupt SF’s Startup Battlefield. Startup Battlefield showcases the most promising early-stage and fundamentally disruptive startups.
When it comes to hosting applications in the cloud, developers ...
IBM's z15 launches with Data Privacy Passports
Friday, September 13, 2019 by Freeman Lightner
Against a backdrop of global privacy breaches, with the cost of each security breach in the U.S. averaging $8.2 million, IBM launched "z15", the enterprise platform that delivers the ability to fully manage the privacy of customer data across hybrid and multi-cloud environments.
As part of the launch, IBM is announcing Data Privacy Passports, ...
AI-powered protection for APIs
Thursday, June 20, 2019 by Richard Harris
The proliferation of APIs catalyzed by digital transformation initiatives is viewed as a virtual goldmine by hackers, who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by co...
Acronis gives developers early access to new cyber platform
Monday, April 29, 2019 by Brittany Hainzinger
Acronis announced the opening of its core platforms, enabling broad, third-party developer access to the Acronis Cyber Platform to encourage expanded functionality and application integrations while expanding their opportunities in Acronis’ large ecosystem.
The Acronis Cyber Platform, which is the foundation of the company’s existing services, features a ...
WordPress plugin vulnerabilities are a hacker's playground
Wednesday, April 10, 2019 by Bryan Becker
What do TechCrunch, BBC America, PlayStation and MTV News all have in common?
Each of their websites is powered by WordPress.
Over 74.6 million, or roughly 30 percent, of the world’s websites depend on WordPress to power their online platforms. Every second there are over six new WordPress.com posts and over 47,000 plugins, with the number growing daily. Wh...
Corona Labs goes open source and developers are nervous
Tuesday, January 8, 2019 by Richard Harris
Corona Labs, which provides a free cross-platform mobile development tool used to create 2D applications, has announced that after years of planning, the Corona game engine will finally be released as an open-source project. Corona Labs expects that by making their engine an open-source project, issues like adaptation to sudden market changes, updates, and requirements ...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax breach. In 2018, Under Armour said that its MyFitnessPal app was hacked, affecting...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx of data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
A quantum blockchain can stop quantum computing from hacking it
Monday, August 13, 2018 by John Wu
We have yet to see the full promise of Blockchain play out but companies and scientists are already close to launching a technology that could theoretically break it: quantum computers.
Such machines can compute data exponentially faster than traditional computers. Earlier this year, Google began testing Bristlecone, a quantum computer chip that its creators think wi...
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Austin Harris
reddit recently disclosed in their announcements feed a security breach of their system in which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Included in the disclosed information was some reddit source code and some log files.
They went on to sa...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
Questioning the future of privacy and the safety of personal identity
Thursday, June 28, 2018 by Richard Harris
While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.
These findings and more are outlin...
Key takeaways from CA Technologies Built to Change Summit 2018
Friday, June 8, 2018 by Austin Harris
CA Technologies’ 2nd annual Built to Change Summit (BTC) led to the release of a whole bunch of exciting new technology and research projects pertaining to DevOps, GDPR regulations, Agile project management, and more. The overall theme of the event was to make their development platforms “frictionless” for their users, allowing them to create and...
ZipperDown vulnerability puts thousands of iOS apps at risk
Tuesday, May 22, 2018 by Austin Harris
The ZipperDown vulnerability has potentially put thousands of iOS apps on the market at risk. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...
Supporting citizen developers to speed digital transformation
Thursday, May 10, 2018 by Bill Kennedy
More than just a buzzword, companies across the globe are embracing digital transformation to create more efficient organizations not tied to traditional software applications and to forgo the messy paper trail. Digital transformation is dependent on many factors, but in particular, cloud-based technology is largely responsible for fueling the change. Simply put, overt...