Increasing cyber threats from artificial intelligence
Wednesday, October 9, 2024 by Freeman Lightner
The UK Cybersecurity M&A market has grown significantly over the past decade, with the deal volume trend line increasing, and the sector continuing to attract significant investment from Private Equity, alongside larger corporates consolidating emerging technologies to counter increasingly sophisticated threats.
The UK National Cyber Security Centre has...
AI regulations in software development
Tuesday, August 27, 2024 by Richard Harris
AI is rapidly changing the software development field, making clear regulations essential to prevent risks like data breaches and ensure ethical practices. These regulations are also key to reshaping developer roles while preserving the need for human expertise.
AI regulations in software development
The implementation of formal AI policies within companies is cri...
AWS introduces Mithra advanced threat intelligence neural network
Thursday, August 15, 2024 by Freeman Lightner
In a recent blog post from AWS, Amazon Chief Information Security Officer CJ Moses detailed the robust threat intelligence capabilities that safeguard AWS customers. Through tools like Mithra and MadPot, AWS collects and analyzes vast data, identifying and neutralizing threats with unparalleled accuracy and speed. AWS's proactive approach to sharing high-fidelity th...
Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
Epic Games defeats Google in court
Thursday, April 18, 2024 by Richard Harris
In a twist that sounds straight out of a high-stakes courtroom drama, Epic Games has thrown down the gauntlet with a bombshell injunction proposal aimed at shaking up Google Play's entire rulebook. This comes hot on the heels of their David-versus-Goliath victory over Google in December, where a U.S. jury cast the tech behemoth as the big bad monopoly wolf of Androi...
ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce vulnerabilities from entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
Cybersecurity performance optimization updates from Logpoint
Friday, February 2, 2024 by Freeman Lightner
Logpoint is releasing new capabilities to its Converged SIEM platform, enhancing threat detection and security operations and streamlining case management. Organizations can focus on essential security matters with the new capabilities by reducing workload, simplifying automation, and freeing up resources.
The new release delivers increased system stability and ...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Is Temu safe, legit, or dangerous: Perspective from an app developer
Wednesday, July 12, 2023 by Richard Harris
Temu is a shopping website, and app chalked full of products from overseas at ridiculously dirt cheap prices. They have almost everything you can imagine too. From laser pointer slingshots to Expresso makers, the entire ecosystem is built around keeping you shopping with a gamified experience, and it gets addicting quickly.
Some of the ADM staff have placed orders an...
Fake app reviews impact developers more than you think
Thursday, June 29, 2023 by Freeman Lightner
Developers are well aware that a significant portion of online reviews for products and services, including those on popular platforms like Amazon, eBay, and TripAdvisor, are in fact fake. The issue of fake app reviews has become an increasingly pressing concern. These deceptive reviews have wide effects on both developers and consumers alike, significantly impacting th...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
Zero trust policies for software releases could be key
Thursday, December 8, 2022 by Gopinath Rebala
Today’s integrated DevOps methodology offers businesses the promise of accelerating innovation by providing customers and employees with new application capabilities faster. However, this approach can also increase risks associated with cybercrime and the failure to comply with rapidly evolving privacy regulations. As a result, minimizing security risk during the ...
Traceable AI and ArmorCode integration
Wednesday, August 24, 2022 by Brittany Hainzinger
ArmorCode has announced an integration with Traceable AI which will bring its data into the ArmorCode platform and improve Application Security Posture from code to cloud.
To move at the speed of business, modern applications are increasingly powered by APIs to deliver functionality. The challenge is that each new API must be secured and as the number of APIs in...
Fewer apps in Google Play Store than 4 years ago
Thursday, April 28, 2022 by Brittany Hainzinger
A TradingPlatforms.com analysis shows there are fewer applications in Google's Play Store today than four years ago. The site presented data showing that the store's app numbers had fallen by a million.
Data shows fewer apps in Google Play Store than 4 years ago
Google Play Store hosted 2,591,578 applications by March this year. This figure is a 28% drop f...
Intelligent IoT Network lands from Aeris
Tuesday, February 15, 2022 by Richard Harris
Aeris, the Internet of Things (IoT) solutions provider has announced the next generation of its Intelligent IoT Network, a unique suite of Machine Learning and Artificial Intelligence (AI)-based capabilities that enable superior global IoT connectivity and network performance, increased security performance, and best-in-class IoT network support. The Aeris Intelligent I...
Mobile market 2021 highlights
Thursday, February 3, 2022 by Freeman Lightner
At the end of the year everyone was talking about the future and making predictions, but what about the highlights of 2021? Last year was rich in sensations, new names appeared on the market, and many industry giants cooperated to enhance their power or work on large-scale joint projects. Apptica compiled a selection of the most significant events, cases, and changes th...
Mitigating API attacks in 2022
Wednesday, January 5, 2022 by Richard Harris
Nathanael Coffing, co-founder and CSO of Cloudentity, is also a board member. Nathanael has over 20 years of management and architecture experience across identity, security, microservices, and IT domains. Prior to founding Cloudentity, he founded OrchIS.io and helped build numerous technology startups leveraging his experience at Sun, Oracle, Imperva, Washington Mutual...
Low code platform Zenity lands $5M in funding
Wednesday, December 8, 2021 by Christian Hargrave
Zenity exited stealth mode with a $5 million seed funding round, led by Vertex Ventures and UpWest, and backed by top executives such as the former CISO of Google, Gerhard Eschelbeck, and former CIO of SuccessFactors, Tom Fisher. With Zenity, businesses can promote citizen development and adopt Low-Code/No-Code platforms while avoiding critical data exfiltration or disr...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts), reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
SnykCon 2021 event lineup
Friday, September 24, 2021 by Randall Degges
We're only a few weeks away from SnykCon 2021, Snyk's free annual developer conference that helps you learn how to build applications securely running October 5-7. We have a packed agenda full of expert talks, hands-on workshops, helpful demos, product roadmaps, opportunities to interact with some of the smartest speakers and leaders of developer security i...
How smart contracts and AI could work together
Monday, September 20, 2021 by Guido Santos
It’s a common refrain within IT teams: challenges with data management can inhibit business agility and slow AI-driven innovation to a crawl. Why? Because as data grows and complexifies, proper data management becomes increasingly time-consuming and effort-intensive. This type of data conundrum is what keeps Data Scientists awake at night (and not just figurativel...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place during September 13 - September 19 and it is a great time to engage everyone into coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
GitHub secrets reveal API keys, usernames, passwords, and more exposed
Tuesday, March 30, 2021 by Richard Harris
Over two million secrets have been detected on public GitHub in 2020 and this number is growing 20% Year-Over-Year, a GitGuardian State of Secrets Sprawl on GitHub Report shows.
This growing volume of sensitive data or secrets, like API keys, private keys, certificates, usernames and passwords end up publicly exposed on GitHub, putting corporate security at...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
Security and reliability become one for APIs in 2021
Tuesday, January 19, 2021 by Freeman Lightner
Reliability -- especially for APIs -- is growing because our reliance on APIs is growing, while at the same time how we develop software has changed. Modern software stacks are written as a collection of microservices, with each service written in a type-safe language that better guards against low-hanging vulnerabilities. However, it also makes reasoning about how...
Why blockchain is the future
Friday, January 15, 2021 by Richard Harris
The fears from the pandemic have naturally placed more focus on wearables helping us monitor our health, fitness, and keeping us better connected.
Companies such as Apple, Samsung, Fitbit, and others are flooding the market with health and fitness devices to help mankind to stay healthy and happier. I believe we will see even more companies entering this space and mo...
Zero trust security will prevail in 2021
Wednesday, January 6, 2021 by Brittany Hainzinger
Zero-trust security (when organizations stop trusting their people and services in an IT environment) will become the prevailing model for organizations in 2021. With more companies moving to distributed architectures, technology teams need a scalable way to make security foolproof while managing a growing number of microservices and greater complexity. Companies s...
How to avoid mobile phone apps from leaking your personal data
Wednesday, November 18, 2020 by Brittany Hainzinger
Most people have dozens of mobile phone apps installed on their phone, tablet, or even their smartwatch. In fact, the average person has about 60 to 90 mobile phone apps on their phone. Out of all those apps, many of them could be leaking your personal data. How can you protect yourself? One of the primary ways is by installing a VPN, but there are other ways, too. Here...
Being careful about 3rd party APIs
Monday, August 24, 2020 by Ameya Talwalkar
Over the past couple of years, we’ve seen a marked shift in the nature of API traffic from being largely driven by human actions to be increasingly machine-driven. While it used to take a human to click something on a website to trigger an API call and response, there are now sites and apps where upwards of 98% of total traffic is the result of bots -- some legiti...
To encrypt or not encrypt legacy devices no longer a choice
Thursday, March 19, 2020 by Freeman Lightner
Encryption forms a strong layer of protection for our data and a last line of defense against cybercrime. By deploying encryption, users can render their data unreadable if it is compromised. Whether that means hackers intruding into the network, or an employee unwittingly exposing sensitive information, the data will be useless to any unauthorized agents who happe...
Dangers of quantum hacking
Tuesday, February 11, 2020 by Richard Harris
Active Cypher has built a password-hacking quantum computer to demonstrate the dangers of quantum hacking.
Using $600 worth of hardware parts easily purchased online or at a local electronics store, Active Cypher’s founder and CTO, Dan Gleason, created a portable quantum computer dubbed QUBY (named after qubits, the basic unit of quantum information). QUBY runs...
Microsoft DART team tracks 77k active web shells
Thursday, February 6, 2020 by Brittany Hainzinger
In a blog post promoting the capabilities of its commercial security platform, Microsoft said that on a daily basis the company's security team detects and tracks on average around 77,000 active web shells, spread across 46,000 infected servers.
According to ZDNet, these numbers are staggering, since the 77,000 figure is far larger than any previous reports about...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...