In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
10/21/2022
Simple Guide to Vulnerability Scanning Best Practices
A vulnerability scanner is software designed to assess infrastructures, networks, and applications for known cyber vulnerabilities companies must face.
10/19/2022
Clearing the Fog: Text4Shell is a Serious Vulnerability But Not Nearly as Bad As Log4Shell
Dubbed Text4Shell or Act4Shell, the vulnerability is eliciting some disconcerting responses from the security and tech communities.
10/19/2022
Experts downplay reach of Apache bug ‘Text4Shell’
Cybersecurity researchers are tamping down concerns around a recently discovered vulnerability affecting the popular Apache Commons Text library.
10/17/2022
Top 3 Serverless Mistakes
Ever experience a serverless nightmare?
10/14/2022
Understanding DDoS Attacks on US Airport Websites and Escalating Critical Infrastructure Cyberattacks
Pro-Russian hacker collective Killnet disrupted the websites of several US airports via DDoS attacks, and critical infrastructure will likely continue to face escalating cyber threats.
10/13/2022
CISA Alert: APT Groups Had “Long-Term Access” to a Defense Organization, Exfiltrated Sensitive Data
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a joint cybersecurity advisory.
10/11/2022
Why Airports Need to Address Cybersecurity Now
Recent hacks of U.S. airports highlight a potential major event to halt our nation's air system due to a lack of preparedness.
10/07/2022
Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday
Former Uber security chief Joe Sullivan has been found guilty by a jury over his role in covering up a massive data breach suffered by the ride sharing giant in 2016.
10/07/2022
Ukraine Warns of Massive Russian Cyber Attacks on the Country’s and Allies’ Critical Infrastructure
Ukraine’s government warned of Russia’s planned massive cyber attacks against critical infrastructure facilities, especially the energy sector.
10/06/2022
Low code doesn’t necessarily mean low security risks
Low-code has many benefits, and they’ve been widely discussed in a number of articles here on SD Times.
10/06/2022
Contrast Scan empowers developers to analyze front-end code for vulnerabilities
Contrast Security announced the expansion of its Secure Code Platform’s static application security testing (SAST) capabilities.
10/06/2022
Did a former Uber executive’s conviction just make the CISO job harder? It’s complicated
A messy Silicon Valley court case has ended with a guilty verdict, and it’s worth unpacking what the result does—and doesn’t—mean for an important C-suite position.