Application Security Archives - Page 5 of 29

Nvidia targets insider attacks with digital fingerprinting technology

Issued by: CSO Online

Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and…

Application Security

Norton LifeLock Warns on Password Manager Account Compromises

Issued by: Dark Reading

Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning. Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on…

Application Security

What Are Some Ways to Make APIs More Secure?

Issued by: Dark Reading

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

Application Security

C2A Security To Showcase Automotive Cybersecurity DevOps Platform at CES In Las Vegas, January 5-8

Issued by: Dark Reading

C2A Security, a leading provider of automated cybersecurity solutions for connected, autonomous, and electric vehicles will showcase its flagship product, EVSec, during the Consumer Electronics Show (CES 2023) taking place in Las Vegas, January 5-8, 2023. EVSec’s innovative automated cybersecurity DevOps platform helps C2A Security customers and partners including Thundersoft, NTT Data, Marelli, MIH, and…

Application Security

Twitter data of “+400 million unique users” up for sale – what to do?

Issued by: Naked Security

Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has advertised: I’m selling…

Application Security

When CISOs Are Ready to Hunt

Issued by: Dark Reading

Like a member of any profession, a chief information security officer (CISO) grows into their role. They exhibit a maturity curve that can be roughly split into five attitudes: Protection: When a CISO first steps into their role, they look to perfect the basics and build a fortress for themselves in the form of firewalls,…

Application Security

US DOJ Reportedly Investigates FTX Hack

Issued by: DataBreach Today

The U.S. Department of Justice is reportedly investigating the theft of nearly $400 million from FTX. The crypto exchange disclosed in November the day after it filed for bankruptcy that “unauthorized access” had led to the theft. The criminal investigation is separate from the fraud case Justice is pursuing against company co-founder Sam Bankman-Fried, Bloomberg…

Application Security

LastPass revealed that encrypted password vaults were stolen

Issued by: Security Affairs

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. In response to the incident, the company deployed containment and mitigation measures and implemented additional enhanced…

Application Security

California County Says Personal Information Compromised in Data Breach

Issued by: Security Week

The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files…