Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Adobe warns that a "priority 1" security flaw has been exploited in the wild in “limited attacks targeting Adobe Reader users on Windows.” [Read More]
Researchers at Kaspersky warn that a new rootkit is being used as part of the ongoing 'TunnelSnake' campaign targeting entities in Asia and Africa since 2019. [Read More]
Twilio joins HashiCorp in confirming collateral damage from the CodeCov supply chain attack but details remain scarce. [Read More]
The U.S. Department of Defense has put all public-facing websites and applications in scope for an expanded vulnerability disclosure program. [Read More]
The StackRox community upstream project will open source and manage Red Hat Advanced Cluster Security for Kubernetes code. [Read More]
The embattled VPN vendor provides cover for CVE-2021-22893, a major security flaw being exploited by advanced threat actors. [Read More]
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector. [Read More]
A task force from the Institute for Security and Technology recommends a comprehensive framework for preparing for, disrupting, and responding to ransomware attacks. [Read More]
DevSecOps company Sysdig raises $188 million in a Series F funding round and becomes a cybersecurity unicorn with a valuation of $1.19 billion. [Read More]
Late-sage anti-fraud startup Sift is the 11th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.