application security Archives - Page 8 of 15

Facebook: Iranian Hackers Target Military, Aerospace Entities in the US

Issued by: Security Week

Recent activity that Facebook associated with the group focused on military personnel, defense organizations, and aerospace entities primarily in the United States and, to a lesser extent, the U.K. and Europe, showing an escalation of the group’s cyberespionage activities. Active since at least 2018, Tortoiseshell was previously observed targeting information technology organizations in the Middle…

Application Security

Firefox 90 Adds Cross-Origin Protections, Advanced Tracker Blocker

Issued by: Security Week

The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and speculative cross-site execution side channel attacks (such as Spectre). With the newly introduced feature, web application servers can distinguish between same-origin and…

Application Security

Sevco Security Banks $15 Million Series A Funding

Issued by: Security Week

Sevco Security, based in Austin, Texas, has raised $15 million in Series A funding led by SYN Ventures. The company said .406 Ventures, Accomplice, Bill Wood Ventures and fama Ventures also joined as investors. In a statement, Sevco Security said its platform delivers two values to customers: continuous converged visibility of all assets across siloed…

Application Security

Noname Security Raises $60 Million in Series B Funding

Issued by: Security Week

Founded in 2020, the Silicon Valley-based enterprise API security startup aims to help organizations secure both managed and unmanaged APIs. The startup says it has seen fast growth since emerging from stealth in December 2020. Over the past six months, the company has attracted 40 channel, reseller, and technology partners, while also adding hundreds of…

Application Security

GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016

Issued by: Security Week

According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services. The amount is roughly the same as in the previous year. GitHub said it received more than 1,000 submissions through its public and private bug bounty programs, and claimed that its…

Application Security

Google Rolling Out Security Update for Google Drive

Issued by: Security Week

With this update, the search advertising giant is adding a resource key to sharing links, which will impact access to the files for those users who haven’t yet viewed the files. “Once the update has been applied to a file, users who haven’t viewed the file before will have to use a URL containing the…

Mobile Security

Vulnerabilities in Zephyr’s Bluetooth LE Stack May Lead to DoS Attacks

Issued by: Security Week

Six of the flaws, the researcher explains, could be abused by an attacker by sending malformed input that would cause the device to freeze. This could result in the device rebooting itself or may even allow for remote code execution in some instances. Other vulnerabilities could be exploited either to cause the device to misbehave…

Network Security

Mitre Adds D3FEND Countermeasures to ATT&CK Framework

Issued by: Security Week

The project, called D3FEND, is available through the non-profit Mitre Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality. Mitre described D3FEND as an “early stage experimental research project”…

Application Security

Google Intros SLSA Framework to Enforce Supply Chain Integrity

Issued by: Security Week

The U.S. tech giant this week unveiled SLSA (Supply chain Levels for Software Artifacts), a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensuring the integrity of software artifacts throughout the software supply chain. The framework, released as part of the OpenSSF Foundation, is essentially a set of…

Application Security

New Google Tool Helps Developers Visualize Dependencies of Open Source Projects

Issued by: Security Week

In an effort to help developers gain a better perspective into the packages their open-source projects rely on, Google has introduced Open Source Insights, an exploratory visualization site that offers a view of dependencies, in an organized and accessible way. One of the main issues that Open Source Insights aims to address is related to…