Application Security Archives - Page 4 of 29

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Issued by: Security Affairs

Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers exploited a flaw in a third-party media software package to target the firm. “Our investigation has revealed that the threat actor…

Application Security

How to Reduce Code Risk Using Pipelineless Security

Issued by: Dark Reading

Secrets embedded in source code pose a risk to developers and the organizations they work in. Secrets can be used to take over both user and service accounts, which can lead to sensitive data exposure, operational risks, and financial or reputational damage. There are many commercial and open source projects available to detect hardcoded secrets,…

Application Security

Reddit Hack Shows Limits of MFA, Strengths of Security Training

Issued by: Dark Reading

The latest hack of a well-known company highlights that attackers are increasingly finding ways around multifactor authentication (MFA) schemes — so employees continue to be an important last line of defense. On Jan. 9, Reddit notified its users that a threat actor had successfully convinced an employee to click on a link in an email…

Application Security, Network Security

Are We Doomed? Not If We Focus on Cyber Resilience

Issued by: DataBreach Today

Here’s how to doom a cybersecurity program: Think of cybersecurity as a war against an attacker that must be fought to the finish, invest in threat tracking technology for threats your organization has no capabilities to defend against, and let the sunk cost effect determine how you spend your security budget. In reality, cybersecurity is…

Application Security

API management (APIM): What It Is and Where It’s Going

Issued by: Security Affairs

So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies, including API management (APIM). In this article, we’re taking a…

Application Security

CISA to Open Supply Chain Risk Management Office

Issued by: Dark Reading

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit…

Application Security

Poser Hackers Impersonate LockBit in SMB Cyberattacks

Issued by: Dark Reading

A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own. According reports from Belgium’s Computerland publication, the “wannabes,” while not as…

Application Security, Cloud Security, Software Security

Will Cybersecurity Remain Recession-Proof in 2023?

Issued by: Dark Reading

We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…