
In the News

Featured

06/13/2024

Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives

Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”


04/30/2024

Change Healthcare, compromised by stolen credentials, did not have MFA turned on

“This underscores pure negligence on the part of UnitedHealth,” Tom Kellermann, SVP of cyber strategy at Contrast Security, said via email. “Negligence in cybersecurity led to systemic breaches across the U.S. healthcare industry. The long-term effects of this massive breach will be felt for years to come.”
[The story also ran in Healthcare Dive.]


04/29/2024

Cyber Spies Hit Cisco Firewalls in Zero-Day Exploits

Tom Kellermann, Contrast Security senior vice president of cyber strategy, said that cybersecurity companies are “increasingly targeted by nation states for the purposes of island hopping.” He said it’s important to “remember that all cybersecurity companies develop software and in many cases they are not rigorous with their DevSecOps. This has been a banner year for zero days and thus runtime security must be implemented to mitigate the exposure.”


04/25/2024

5 ways Runtime Security cuts through exploding software complexity

Software complexity is exploding. Modern applications and application programming interfaces (APIs) comprise hundreds of repositories, frameworks, components, platforms, containers, services and connections. The rapidly increasing use of third-party, open-source libraries and AI-generated code is aggravating the challenge.


04/24/2024

Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

State-linked actors are using a custom tool for post-exploitation activity involving a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.

04/24/2024

People on the Move

Contrast Security, a company specializing in runtime and application security, has appointed Shay Mowlem as Chief Marketing Officer (CMO). Prior to Contrast, Mowlem held executive marketing and product roles at NinjaOne, Illumio, Rubrik, MuleSoft and Splunk.

04/23/2024

State-Sponsored Russian Hackers Linked to Breach of Texas Water Treatment Plant

Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.


04/23/2024

Contrast Security Welcomes Shay Mowlem as Chief Marketing Officer to Drive Global Expansion

Contrast Security announces the appointment of Shay Mowlem as Chief Marketing Officer (CMO), tasked with leading the company's global marketing endeavors. With a focus on Contrast's groundbreaking Runtime Security platform, Mowlem brings a wealth of experience from esteemed enterprise software companies, setting the stage for heightened strategic direction and accelerated growth.


04/23/2024

Leveraging AI to Bolster Cloud Security for APIs and Microservices

Runtime Application Self-Protection (RASP): Employing RASP solutions like Contrast Security or Veracode involves embedding security policies into API runtime environments to enforce measures against common threats like injection attacks and data exposure.

04/18/2024

OWASP looks to future-proof SBOMs with CycloneDX 1.6

The foundation is upgrading the standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.

04/12/2024

ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021

Gender and ethnicity gaps persist, but female executives and middle managers earned more on average than male counterparts, according to the survey.


04/11/2024

How MSSPs, MSPs Can Help Defend the Water Supply

It’s hard to imagine a cyberattack on a critical infrastructure target any more disastrous and cruel than one on a source of drinking water. Yet, the White House says there is now evidence that state-sponsored threat actors are doing just that.

04/11/2024

Will There Ever Be a Solution to Zero-Day Exploits? Expert Analysis

Pushed by the rapid acceleration and abundance of new software, updates, and apps being released, the software development sector is leaving wide security gaps and weak points across architectures.

