In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
04/09/2024
DOJ data on 341,000 people leaked in cyberattack on consulting firm
A cyberattack on a consulting firm working for the U.S. Department of Justice resulted in the theft of personal and medical data belonging to more than 340,000 individuals.
04/09/2024
When GenAI and low-code collide: What could go wrong for AppSec?
Here's why the duo results in a perfect storm, key considerations — and expert advice on how engineering and application security teams can tackle the problem.
04/09/2024
CycloneDX v1.6 Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials and Attestations
“Modern software is tremendously complex, and ensuring compliance with the dizzying array of standards is overwhelming,” said Jeff Williams, CTO of Contrast Security and the first Global Chair of OWASP. “CycloneDX Attestations (CDXA) makes ‘compliance as code’ possible with machine-readable security standards and compliance documentation, instead of endless PDFs, spreadsheets, and paper evidence. With CDXA, you can automate production of compliance evidence, streamline communication between all compliance stakeholders, facilitate discussions about substantive security issues, handle exceptions, and manage signatures. We’re hoping CDXA marks the beginning of a new era where compliance and security are not entirely different things.”
04/04/2024
Russian Hackers Target German Political Parties with Fake Dinners to Deploy WINELOADER Backdoors
State-sponsored Russian hackers are targeting German political parties with fake dinner invites to deploy malware, establish persistence, and exfiltrate data.
04/03/2024
Microsoft Online Exchange Attack Preventable: CSRB
The Microsoft Exchange Online intrusion conducted by a China-based attack group was preventable, the Cyber Safety Review Board (CSRB) said in a report.
04/02/2024
Cyber 'axis of evil' poised for more attacks on Australia, expert warns
A dangerous "axis of evil in cyberspace" is primed to launch more attacks on major Australian companies, a leading cybersecurity expert has warned, claiming the compromised networks of Medibank and Optus are just phase one in a dark master plan.
03/29/2024
Don’t Let This Happen to You: Cautionary Tales of Data Loss for World Backup Day 2024
World Backup Day is observed on March 31, serving as a reminder of the possibility, or certainty, of data loss from human error, system failure, or threat actors’ malicious intent. As World Backup Day 2024 approaches, read about some of the data loss horror stories members of the Spiceworks Community witnessed and how they could have been prevented.
03/28/2024
Google: Zero-day exploits increasingly target enterprise technologies
The number of zero-day vulnerabilities exploited in the wild jumped significantly in 2023, as threat actors focused their efforts on enterprise-specific software and appliances, according to new research.
03/28/2024
US Puts Up $10M Bounty on BlackCat Ransomware Gang Members
Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure.
03/26/2024
Top 10 Application Security Companies in 2024
Application security (AppSec) in 2024 is expected to see some key trends driven by the evolving threat landscape and the increasing adoption of cloud-native technologies.
Here’s a glimpse into what you can expect.
03/26/2024
UK and US Blame China’s State-Sponsored Hackers for Parliament Cyber Espionage, Cyber Attacks on Energy Industry
A known state-sponsored hacking group from China has been sanctioned by the US Treasury Department for a campaign of cyber attacks over the past decade, and has been named by the UK’s National Cyber Security Centre (NCSC) as the culprit in a 2021 cyber espionage campaign against parliamentarians.
03/25/2024
China-Linked APT Sanctioned By U.S.
China-based attack groups continue to target United States critical infrastructure, and on Monday the U.S. took a step toward fighting back.