Application Security Archives - Page 4 of 29

Adaptive Access Technologies Gaining Traction for Security, Agility

Issued by: Dark Reading

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Application Security

FDA Announces New Cybersecurity Requirements for Medical Devices

Issued by: SecurityWeek

Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…

Application Security

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Issued by: SecurityWeek

Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI. The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be trained on data from Redmond’s massive trove of telemetry…

Application Security

40% of Global ICS Systems Attacked With Malware in 2022

Issued by: Dark Reading

More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…

Application Security

Hacker Cracks Toyota Customer Search Tool

Issued by: Dark Reading

A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…

Application Security, Software Security

Closing the Gap in Threat Visibility

Issued by: DataBreach Today

Threat visibility has always been an unruly challenge. Security teams find themselves inundated with alerts, many of which are false alarms. The irony is that, even as defenders can see more information about threats than ever before, attackers can slip right by because of all the noise. And the attackers know this, so they create…

Application Security

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Issued by: Security Affairs

Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers exploited a flaw in a third-party media software package to target the firm. “Our investigation has revealed that the threat actor…

Application Security

How to Reduce Code Risk Using Pipelineless Security

Issued by: Dark Reading

Secrets embedded in source code pose a risk to developers and the organizations they work in. Secrets can be used to take over both user and service accounts, which can lead to sensitive data exposure, operational risks, and financial or reputational damage. There are many commercial and open source projects available to detect hardcoded secrets,…

Application Security

Reddit Hack Shows Limits of MFA, Strengths of Security Training

Issued by: Dark Reading

The latest hack of a well-known company highlights that attackers are increasingly finding ways around multifactor authentication (MFA) schemes — so employees continue to be an important last line of defense. On Jan. 9, Reddit notified its users that a threat actor had successfully convinced an employee to click on a link in an email…