Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Valence has emerged from stealth mode with $7 million in seed funding and a platform designed to help organizations manage risks from third-party integrations and secure app-to-app connectivity. [Read More]
With 6,000 out of 30,000 observed clusters of activity, GandCrab emerged as the most active ransomware family wreaking havoc on the Windows ecosystem. [Read More]
The botnet downloads and installs a Monero miner onto the compromised systems and is also capable of installing a rootkit and executing commands. [Read More]
The Linux Foundation has secured a $10 million investment to expand the operations of the Open Source Security Foundation (OpenSSF). [Read More]
Tech giants Intel and VMware joined the security patch parade this week, rolling out fixes for flaws that expose users to malicious hacker attacks. [Read More]
Apple has published a 30-page threat analysis report to explain why sideloading would pose serious privacy and security risks to iPhone users. [Read More]
Full video of panel discussion from SecurityWeek's 2021 CISO Forum on navigating software bill of materials (SBOM) and supply chain security transparency. [Read More]
Identified in the open source SSH key generation library, the vulnerability affects keys issued using GitKraken versions 7.6.x, 7.7.x, and 8.0.0. [Read More]
Weir Group says the attack forced it to isolate and shut down systems and that engineering applications were only partially restored. [Read More]
Redmond threat hunters technical details on UNC-0343, an Iran-linked apex actor using password spraying to break into Office 365 accounts since at least July 2021. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.