In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
10/06/2022
Former Uber CSO convicted for covering up massive 2016 data theft
Passing off a ransom payment as a bug bounty? That's obstruction of justice.
10/05/2022
Contrast Security introduces new security testing tools for JavaScript frameworks
Contrast Security, the code security company, today announced the expansion of its Secure Code Platform’s static application security testing capabilities.
10/04/2022
How to build more secure APIs
If applications were organic, application programming interfaces (APIs) would be the circulatory system.
10/04/2022
Microsoft Updates Mitigation for Exchange Server Zero-Days
Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws were easily bypassed.
09/30/2022
Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries
Threat actors associated with North Korea have been spotted weaponizing legitimate open-source software targeting employees in organizations across multiple industries.
09/29/2022
The curious case of cyber warriors: backing nation states in cyberwarfare
Traditional warfare seems no longer fit for purpose, overshadowed by the possibility of mutual destruction thanks to the creation of nuclear weapons.
09/29/2022
Tom Kellermann's New Mission: Secure the Code
Cybersecurity Veteran Focuses on Advising Government, Financial Sectors.
09/28/2022
Russia said to be preparing mass cyberattacks on critical infrastructure facilities in Ukraine
The Ukrainian government said that the Kremlin is planning to carry out massive cyberattacks on the critical infrastructure facilities in Ukraine and critical infrastructure institutions of Ukraine’s allies.
09/23/2022
Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps
Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.
09/21/2022
Hackers steal over $160 million from crypto market maker Wintermute
Cryptocurrency market maker Wintermute was breached in the early hours of Sept. 20.
09/17/2022
Serious breach at Uber spotlights hacker social deception
The ride-hailing service Uber said Friday.