CSO Magazine

JUNE 7, 2023

As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad. To read this article in full, please click here

Software 77

Software Technology 77

CSO Magazine

MAY 9, 2022

Because of DevOps’ agile, continuous, and fast nature, building in security is essential, but many organizations struggle to do so. These tools help organizations to help keep security embedded within DevOps organizations by making developers, operations teams, and security teams on the same page when it comes to managing risks.

Risk 113

Risk 113

Security Affairs

JULY 17, 2023

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. The issue is a deserialization of untrusted data that was discovered by the security researcher Nicolas Zilio from CrowdStrike.

Authentication 98

Authentication Hacking Cybersecurity Information Security 98

Security Affairs

DECEMBER 14, 2021

The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks. arbitrary code execution and memory leak in the context of the current user.???. arbitrary code execution and memory leak in the context of the current user.???. Adobe has addressed three ?critical?

Hacking 111

Hacking Information Security 111

Veracode Security

FEBRUARY 17, 2022

In other words, an attacker can change a database query to: Read sensitive data Modify the database Execute other database functions Break authentication Lead to remote code execution Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often.

Authentication 136

Authentication Information Security 136

The Last Watchdog

OCTOBER 4, 2023

In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an approach they coined as “proactive security.” Last Watchdog followed up with Braunberg to ask him, among other things, what RBVM solutions signal about the ramping up of proactive security.

Risk 198

Risk Marketing Software Network Security 198

SecureList

MARCH 12, 2024

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. We compared vulnerabilities discovered with and without access to application source code. Broken Access Control 2.

Passwords 100

Passwords Authentication Architecture Risk 100

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 137

Ransomware Encryption Malware Hacking 137

Security Affairs

MAY 28, 2022

Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The malicious code distributed by the APT group includes hardcoded IP addresses and ports for the targets.

DDOS 141

DDOS Malware Phishing Hacking 141

Security Affairs

JUNE 3, 2022

Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. .

Internet 142

Internet Internet Authentication Hacking 142

eSecurity Planet

DECEMBER 7, 2022

Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just today, security and compliance automation firm Drata announced a $200 million Series C funding round that brings the company’s valuation to $2 billion, doubling its $1 billion valuation from its Series B round last year.

Cybersecurity 123

Cybersecurity Risk Technology Ransomware 123

Veracode Security

SEPTEMBER 19, 2023

Developing and maintaining secure code at scale is hard. Having the right Static Application Security Testing (SAST) solution makes it easier, but how are practitioners to choose? Veracode earns the top scores across the Current Offering, Strategy, and Market Presence (tied) categories.

Marketing 52

Marketing 52

Security Boulevard

DECEMBER 28, 2021

It’s been four years since OWASP updated its Top 10 list , but this year we got three brand new categories along with a reshuffling of the rest. Rather than focusing on specific vulnerabilities (or the symptoms of problematic coding from a security perspective), OWASP has opted instead to focus on higher-level categories of vulnerabilities.

Software 112

Software Risk Authentication 112

Google Security

JANUARY 31, 2024

Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security Team The AI world moves fast, so we’ve been hard at work keeping security apace with recent advancements. We used LLMs to write project-specific code to boost fuzzing coverage and find more vulnerabilities.

Engineering 88

Engineering Software Technology 88

CyberSecurity Insiders

OCTOBER 10, 2021

In September this year, the update happened as the nonprofit Open Web Application Security Project refreshed the content of the OWASP Top 10 2021 website. It is now regarded as the most serious web application security risk based on the data contributed to OWASP’s threat intelligence, which shows that 3.81 The Rise of Insecure Design.

Cyber threats 117

Cyber threats Cyber Attacks Software Risk 117

Approachable Cyber Threats

NOVEMBER 29, 2021

Category Awareness Risk Level. What’s a QR code?” You may have seen QR codes before: they’re a type of barcode with a matrix of scattered black and white pixels instead of vertical lines. Most mobile devices can actually scan a QR code with the built-in camera and automatically open a webpage, which therein lies the danger.

Mobile 98

Mobile Risk Cybersecurity Technology 98

Security Affairs

JULY 19, 2022

Researchers from security firms Pradeo discovered multiple apps spreading the Joker Android malware. The apps have been installed by 100.000+ users, according to the security firm. “The tools and communication were among the most targeted categories covering the majority of the Joker-infected apps. Pierluigi Paganini.

Malware 121

Malware Spyware Banking Mobile 121

CyberSecurity Insiders

DECEMBER 15, 2022

The company has expanded its end-to-end encryption to 23 of iCloud data categories that include cloud backups, notes, and photos along with Apple Music Sing, and Freeform. The post Apple offers new data security protections on iPhones appeared first on Cybersecurity Insiders.

Backups 88

Backups Data breaches Accountability Encryption 88

The Last Watchdog

OCTOBER 30, 2023

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. LW: From a macro level, do security teams truly understand their EDRs?

Engineering 276

Engineering Mobile Internet Internet 276

Daniel Miessler

MAY 15, 2023

Purpose The purpose of the this resource is to give the general public, and offensive security practitioners specifically, a way to think about the various attack surfaces within an AI system. Models Attacking models is the most mature thing we have in the AI security space. Attacks This brings us to the specific attacks.

Technology 364

Technology Internet Internet Mobile 364

Cisco Security

SEPTEMBER 16, 2021

As a proud partner of the Black Hat USA NOC , Cisco deployed multiple technologies along with the other Black Hat NOC partners to build a stable and secure network for the conference. We used Cisco Secure Malware Analytics to analyze files and monitor any potential PII leaks.

DNS 105

DNS Authentication Technology Malware 105

Malwarebytes

DECEMBER 10, 2021

Multi-factor authentication requires at least two different forms of authentication, from at least two out of three fairly broad categories: The “something you know” category is the factor we are most familiar with. These fall into the “something you have” category, because you need physical access to the phone to approve the login.).

Authentication 90

Authentication Passwords Phishing Accountability 90

SiteLock

AUGUST 27, 2021

The variables fall into three key categories: complexity, composition, and popularity. Each category is rated as either high, medium, or low risk. A lot of different pieces can come together to form a complex website, which can increase your risk of a security breach. The security of your website is in the hands of another.

Small Business 98

Small Business Risk Software Cybersecurity 98

Anton on Security

JUNE 10, 2022

As I was looking at the security vendors and their technologies, I realized that security vendors that apparently peaked in relevance, say, in the mid-2000s had huge booths and did brisk business, selling whatever they sold before. Serving the past is good business in security! Cloud security is very visible!

VPN 189

VPN Marketing Firewall Passwords 189

Security Affairs

JUNE 9, 2020

Adobe has released security updates to address vulnerabilities in its Flash Player, Framemaker and Experience Manager products. Adobe has released security updates to address ten vulnerabilities in its Adobe Flash Player, Adobe Experience Manager, and Adobe Framemaker products. ” reads the security advisory published by Adobe.

Advertising 77

Advertising Cybersecurity Information Security Hacking 77

Security Affairs

APRIL 13, 2021

Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Hacking 100

Hacking Information Security Malware 100

Security Affairs

MAY 11, 2021

Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate. “Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.

Software 128

Software Media Hacking Information Security 128

Google Security

FEBRUARY 1, 2023

Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016 , Google's free OSS-Fuzz code testing service has helped get over 8800 vulnerabilities and 28,000 bugs fixed across 850 projects. Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.

Software 90

Software 90

The Last Watchdog

MARCH 24, 2022

From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too. First, make a list of all of the sites you have a username and password for, and then put those sites into categories. Next, remember your categories? And finding that password is even easier.

Passwords 133

Passwords Password Management Banking Accountability 133

Security Affairs

APRIL 7, 2021

Another researcher who uses the handle OV earned $200,000 for a Microsoft Teams code execution exploit and received 20 Master of Pwn points for his findings. Then Jack Dates from RET2 Systems chained an integer overflow in Safari and an out-of-bounds Write issue to achieve kernel code execution. million in cash and other prizes.

Authentication 63

Authentication Hacking Information Security Malware 63

Approachable Cyber Threats

MAY 23, 2022

Category Guides, Cybersecurity Fundamentals. We only have one person that knows how to fix this code.” “We Technical debt is the result of taking shortcuts to meet short-term objectives at the expense of long-term flexibility and security. Risk Level. Don’t worry about that documentation for now.” “We

Cybersecurity 98

Cybersecurity Risk Government 98

Security Affairs

MAY 12, 2020

Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit. Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass. Arbitrary Code Execution????????

Software 91

Software Advertising Hacking 91

Security Affairs

MARCH 22, 2021

The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers to take over the ERP system. Unsafe deserialization occurs when malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized.

Software 111

Software Hacking Information Security Malware 111

eSecurity Planet

SEPTEMBER 16, 2021

OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The Open Web Application Security Project (OWASP) is a nonprofit foundation and an open community dedicated to security awareness.

Authentication 113

Authentication Penetration Testing Firewall Security Awareness 113

Security Affairs

JUNE 19, 2022

In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. ”When a callable class and method is supplied as a Merge Tag, the function is called and the code executed. ” added the researchers.

Hacking 120

Hacking Cybersecurity Information Security 120

CyberSecurity Insiders

AUGUST 13, 2022

Cyber predictions on security threats, on both the individual and organizational level, often highlight breaches in the defenses that protect data and personal information held by organizations. The creation of the policy is as important to data protection as prioritizing cloud network security , or vetting potential employees.

Marketing 114

Marketing eCommerce Risk Financial Services 114

Security Affairs

JULY 20, 2023

 The vulnerabilities could lead to arbitrary code execution and security feature bypass. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-38204 Improper Access Control ( CWE-284 ) Security feature bypass Critical 7.5 This flaw is an Improper Access Control that could lead to a security feature bypass.

Authentication 73

Authentication Hacking Software Information Security 73