Cloud APIs’ accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets. Public cloud infrastructure presents security teams with a new invisible management layer, creating new security challenges that demand better understanding. Many organizations don’t properly understand the cloud identity and access management layer and often fail
Aware of the risks inherent in software, businesses are recognizing the need for application security. It has long been common for developers to operate with tunnel vision: Driven by the demand to get their products to market first, they have traditionally either tacked security on at the end or not considered it at all. This lack
Researchers show how simply connecting to a rogue machine can silently compromise the host. Most security professionals know they can use Microsoft’s Remote Desktop Protocol (RDP) to connect to other machines but may not consider how merely using RDP could compromise one. A recently discovered RDP vulnerability could silently compromise a host when it connects
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations. As we pass the one-year anniversary of the General Data Protection Regulation (GDPR) and look ahead to the upcoming enforcement of the California Consumer Privacy Act (CCPA) on January 1, 2020, what do privacy best practices look like?
Researchers explore how modern security problems can be solved with an examination of society, technology, and security. Cybersecurity challenges cannot be solved with computers alone. They demand a closer look at how social and technical systems overlap, and how this growing overlap influences security. As it stands, many of these issues are being addressed separately.
If the appsec industry were to develop a better AST solution from scratch, what would it look like? As software, aka applications, microservices, and workloads, increasingly moves into the cloud, its protection has become paramount. Recent research highlights this need, pointing to application vulnerabilities as the leading source of security breaches in 2018. The “Verizon
Recommended best practices not effective against certain types of attacks, they say. Automated online password-guessing attacks, where adversaries try numerous combinations of usernames and passwords to break into accounts, have emerged as a major threat to Web service providers in recent years. Next week, two security researchers will present a paper at the
The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis. Radiflow has a new approach for organizing attack characteristics and evaluating vulnerabilities on OT networks, the industrial cybersecurity company announced today. While reporting on security incidents and attack campaigns is growing, each reporting organization has a different approach for