Application Security

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day 04/10/2023 at 20:16 By Ryan Naraine Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on SecurityWeek. This article is […]

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day Read More »

Stolen GitHub Credentials Used to Push Fake Dependabot Commits

Stolen GitHub Credentials Used to Push Fake Dependabot Commits 27/09/2023 at 17:17 By Ionut Arghire Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Stolen GitHub Credentials Used to Push Fake Dependabot Commits Read More »

Google Open Sources Binary File Comparison Tool BinDiff

Google Open Sources Binary File Comparison Tool BinDiff 27/09/2023 at 15:30 By Ionut Arghire Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub. The post Google Open Sources Binary File Comparison Tool BinDiff appeared first on SecurityWeek. This article is an excerpt from

Google Open Sources Binary File Comparison Tool BinDiff Read More »

High number of security flaws found in EMEA-developed apps

High number of security flaws found in EMEA-developed apps 27/09/2023 at 07:47 By Help Net Security Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’

High number of security flaws found in EMEA-developed apps Read More »

Code alterations more prevalent in Android apps than iOS

Code alterations more prevalent in Android apps than iOS 22/09/2023 at 07:01 By Help Net Security 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android

Code alterations more prevalent in Android apps than iOS Read More »

What AppSec and developers working in cloud-native environments need to know

What AppSec and developers working in cloud-native environments need to know 20/09/2023 at 08:05 By Help Net Security All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, making them creators and distributors

What AppSec and developers working in cloud-native environments need to know Read More »

CrowdStrike to Acquire Application Intelligence Startup Bionic

CrowdStrike to Acquire Application Intelligence Startup Bionic 19/09/2023 at 22:47 By Ryan Naraine The cash-and-stock transaction provides capabilities for CrowdStrike to beef up its enterprise cloud security portfolio. The post CrowdStrike to Acquire Application Intelligence Startup Bionic appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

CrowdStrike to Acquire Application Intelligence Startup Bionic Read More »

Generative AI lures DevOps and SecOps into risky territory

Generative AI lures DevOps and SecOps into risky territory 15/09/2023 at 06:36 By Help Net Security Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are

Generative AI lures DevOps and SecOps into risky territory Read More »

CISA Releases Open Source Software Security Roadmap

CISA Releases Open Source Software Security Roadmap 13/09/2023 at 16:47 By Ionut Arghire CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek. This article is an excerpt from

CISA Releases Open Source Software Security Roadmap Read More »

Intel Capital Bets on Zenity for Low-Code/No-Code Security

Intel Capital Bets on Zenity for Low-Code/No-Code Security 12/09/2023 at 21:02 By Ryan Naraine Israeli security startup Zenity banks $16.5 million in new venture capital funding to work on ‘low-code/no-code’ security technology. The post Intel Capital Bets on Zenity for Low-Code/No-Code Security appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Intel Capital Bets on Zenity for Low-Code/No-Code Security Read More »

Baseline standards for BYOD access requirements

Baseline standards for BYOD access requirements 07/09/2023 at 06:02 By Help Net Security 49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources, according to a Jamf survey. With the summer

Baseline standards for BYOD access requirements Read More »

Thousands of Popular Websites Leaking Secrets

Thousands of Popular Websites Leaking Secrets 06/09/2023 at 18:16 By Ionut Arghire Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys. The post Thousands of Popular Websites Leaking Secrets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Thousands of Popular Websites Leaking Secrets Read More »

GitHub Enterprise Server Gets New Security Capabilities

GitHub Enterprise Server Gets New Security Capabilities 30/08/2023 at 15:31 By Ionut Arghire GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules. The post GitHub Enterprise Server Gets New Security Capabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

GitHub Enterprise Server Gets New Security Capabilities Read More »

Signs of Malware Attack Targeting Rust Developers Found on Crates.io

Signs of Malware Attack Targeting Rust Developers Found on Crates.io 28/08/2023 at 17:16 By Eduard Kovacs The Crates.io Rust package registry was targeted in preparation of a malware attack aimed at developers, according to Phylum. The post Signs of Malware Attack Targeting Rust Developers Found on Crates.io appeared first on SecurityWeek. This article is an

Signs of Malware Attack Targeting Rust Developers Found on Crates.io Read More »

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results 17/08/2023 at 20:46 By Ryan Naraine Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage. The post Google Brings AI Magic to Fuzz Testing With Eye-Opening Results appeared first on SecurityWeek. This article is an

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results Read More »

Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns

Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns 08/08/2023 at 21:19 By Ryan Naraine Adobe rolls out a big batch of security updates to fix at least 30 Acrobat and Reader vulnerabilities affecting Windows and macOS users. The post Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns appeared first on SecurityWeek. This article is an

Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns Read More »

Apple Lists APIs That Developers Can Only Use for Good Reason

Apple Lists APIs That Developers Can Only Use for Good Reason 31/07/2023 at 21:31 By Ionut Arghire To boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs. The post Apple Lists APIs That Developers Can Only Use for Good Reason appeared first on SecurityWeek. This article is an

Apple Lists APIs That Developers Can Only Use for Good Reason Read More »

Inspiring secure coding: Strategies to encourage developers’ continuous improvement

Inspiring secure coding: Strategies to encourage developers’ continuous improvement 25/07/2023 at 07:38 By Mirko Zorz In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems. To delve deeper into this topic, we had the

Inspiring secure coding: Strategies to encourage developers’ continuous improvement Read More »

LLMs and AI positioned to dominate the AppSec world

LLMs and AI positioned to dominate the AppSec world 20/07/2023 at 07:33 By Help Net Security As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report explores emerging trends that software organizations

LLMs and AI positioned to dominate the AppSec world Read More »

Scroll to Top