Application Security

OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain

07/07/2023 at 16:31 By Kevin Townsend

SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain. The post OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply […]

Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert

06/07/2023 at 23:04 By Ryan Naraine

Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada. The post Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert appeared first on SecurityWeek.

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

30/06/2023 at 15:16 By Ionut Arghire

Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek.

Employees worry less about cybersecurity best practices in the summer

30/06/2023 at 04:17 By Help Net Security

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often

Nokod Snags $8M to Secure Low Code/No-Code Custom Apps

29/06/2023 at 16:47 By Ryan Naraine

Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications. The post Nokod Snags $8M to Secure Low Code/No-Code Custom Apps appeared first on SecurityWeek.

CISA, NSA Share Guidance on Securing CI/CD Environments

29/06/2023 at 15:17 By Ionut Arghire

New guidance from CISA and the NSA provides recommendations on securing CI/CD pipelines against malicious attacks. The post CISA, NSA Share Guidance on Securing CI/CD Environments appeared first on SecurityWeek.

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites

21/06/2023 at 19:14 By Ionut Arghire

Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. The post Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites appeared first on SecurityWeek.

The limitations of shifting left in application security

21/06/2023 at 07:40 By Help Net Security

In this Help Net Security video, Jacob Garrison, Security Research for Bionic, explains the limitations of shifting left in application security. Key factors hindering the effectiveness of shifting left: Achieving 50%+ application test coverage is unrealistic, especially in microservices environments

Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits

15/06/2023 at 18:28 By Eduard Kovacs

Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits. The post Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits appeared first on SecurityWeek.

Patch Tuesday: Critical Flaws in Adobe Commerce Software

13/06/2023 at 19:21 By Ryan Naraine

Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks. The post Patch Tuesday: Critical Flaws in Adobe Commerce Software appeared first on SecurityWeek.

US Government Provides Guidance on Software Security Guarantee Requirements

12/06/2023 at 16:22 By Ionut Arghire

OMB has published new guidance on federal agencies obtaining security guarantees from software vendors. The post US Government Provides Guidance on Software Security Guarantee Requirements appeared first on SecurityWeek.

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption

09/06/2023 at 19:30 By Eduard Kovacs

Cybersecurity news that you may have missed this week: AI regulation, layoffs, US aerospace malware attacks, and post-quantum encryption. The post In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption appeared first on SecurityWeek.

Top factors driving enterprise demand for new cybersecurity technology

08/06/2023 at 06:31 By Help Net Security

Despite prevailing economic headwinds, the market for cybersecurity products and services remains buoyant, according to CCgroup. The study found that 78% of enterprises in the U.S. and 58% in the UK have increased cybersecurity investment in the last year,

VMware Plugs Critical Flaws in Network Monitoring Product

07/06/2023 at 19:02 By Ryan Naraine

VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks. The post VMware Plugs Critical Flaws in Network Monitoring Product appeared first on SecurityWeek.

OWASP’s 2023 API Security Top 10 Refines View of API Risks

07/06/2023 at 15:49 By Kevin Townsend

OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts. The post OWASP’s 2023 API Security Top 10 Refines View

Public sector apps show higher rates of security flaws

07/06/2023 at 07:09 By Help Net Security

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels

Current SaaS security strategies don’t go far enough

07/06/2023 at 06:04 By Help Net Security

Many recent breaches and data leaks have been tied back to SaaS apps, according to Adaptive Shield. “We wanted to gain a deeper understanding of the incidents within SaaS applications and how organizations are building their threat prevention and detection

Microsoft, GitHub announce application security testing tools for Azure DevOps

24/05/2023 at 14:34 By Zeljka Zorz

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub Advanced Security for Azure DevOps (Source: Microsoft) What is GitHub Advanced Security for Azure DevOps? GitHub

Red Hat Pushes New Tools to Secure Software Supply Chain

23/05/2023 at 17:49 By Ryan Naraine

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on

Google Launches Bug Bounty Program for Mobile Applications

23/05/2023 at 17:49 By Ionut Arghire

Google introduces Mobile VRP bug bounty program for vulnerabilities in its mobile applications. The post Google Launches Bug Bounty Program for Mobile Applications appeared first on SecurityWeek.
