Application Security Archives - Page 3 of 29

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

Issued by: Naked Security

The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. To explain, a 2FA (two-factor authentication) app is one of those programs that you run on your mobile phone or…

Application Security

‘Good’ AI Is the Only Path to True Zero-Trust Architecture

Issued by: Dark Reading

Threat actors armed with artificial intelligence (AI) tools like ChatGPT can pass the bar exam, ace an Advanced Placement biology course, and even create polymorphic malware. It’s up to the cybersecurity community to put AI to work to combat it. RSA CEO Rohit Ghai used the opening keynote of this year’s RSAC in San Francisco,…

Application Security

Double zero-day in Chrome and Edge – check your versions now!

Issued by: Naked Security

If you’re a Google Chrome or Microsoft Edge browser fan, you’re probably getting updates automatically and you’re probably up to date already. However… …just in case you’ve missed any updates recently, we suggest you go and check right now, because the Chromium browser core, on which both Edge and Chrome are based, has patched not…

Application Security

Google Warns of New Chrome Zero-Day Attack

Issued by: SecurityWeek

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…

Application Security, Cloud Security, Software Security

Adaptive Access Technologies Gaining Traction for Security, Agility

Issued by: Dark Reading

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Application Security

FDA Announces New Cybersecurity Requirements for Medical Devices

Issued by: SecurityWeek

Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…

Application Security

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Issued by: SecurityWeek

Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI. The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be trained on data from Redmond’s massive trove of telemetry…

Application Security

40% of Global ICS Systems Attacked With Malware in 2022

Issued by: Dark Reading

More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…

Application Security

Hacker Cracks Toyota Customer Search Tool

Issued by: Dark Reading

A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…

Application Security, Software Security

Closing the Gap in Threat Visibility

Issued by: DataBreach Today

Threat visibility has always been an unruly challenge. Security teams find themselves inundated with alerts, many of which are false alarms. The irony is that, even as defenders can see more information about threats than ever before, attackers can slip right by because of all the noise. And the attackers know this, so they create…