NEWS & INDUSTRY UPDATES

The Apache HTTP Server 2.4.52 is listed as urgent and CISA is calling on users to “update as soon as possible.”
A long-term phishing experiment at a 56,000-employee company ends with a caution around the use of simulated phishing lures in corporate security awareness training exercises.
Researchers warn that the vulnerability has existed since September 2017 and has likely been exploited in the wild.
French video game company Ubisoft this week confirmed that 'Just Dance' user data was compromised in a recent cybersecurity incident.
As the scale and impact of the Log4j security crisis become clearer, defenders brace for a long, bumpy ride filled with software-dependency headaches.
The APT has been observed conducting espionage campaigns against organizations in government, healthcare, high-tech, and transportation sectors in Hong Kong, the Philippines, and Taiwan.
Citizen Lab has discovered another player in the controversial mobile spyware business, naming a tiny North Macedonia company called Cytrox as the maker of high-end iPhone implants.
Security researchers at Google’s Project Zero pick apart the notorious FORCEDENTRY iPhone exploit and find a never-before-seen hacking roadmap for which there is no defense.
Fresh off a high-profile legal triumph over Apple, Corellium gets major attention from investors with Paladin Capital Group leading a $25 million funding round.
The API security company became a unicorn one year after emerging from stealth.

FEATURES, INSIGHTS // Application Security

Jim Ivers
Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point-of-view, you will be equipped to defend your organization like a security pro.
Danelle Au
When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone
Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson
As we build more accessible, scalable, and efficient computing models, we open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?