Category: Software Security

Software Security


Software Security

Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed

December 5, 2023

Via: Ars Technica

It has now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords. 23andMe previously disclosed in a Securities and Exchange Commission filing that 0.1 […]


Software Security

3 security best practices for all DevSecOps teams

December 4, 2023

Via: InfoWorld

It’s been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. The question is, how far has security come since then? Do DevSecOps teams have […]


Software Security

6 security best practices for cloud-native applications

November 14, 2023

Via: InfoWorld

The emergence of cloud-native architectures has dramatically changed the ways applications are developed, deployed, and managed. While cloud-native architectures offer significant benefits in terms of scalability, elasticity, and flexibility, they also introduce unique security challenges. These challenges often diverge from […]


Software Security

eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability

November 7, 2023

Via: InfoQ

Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity. Tetragon can […]


Software Security

The state of API security in 2023

November 2, 2023

Via: InfoWorld

In today’s rapidly transforming digital world, APIs have become the linchpin for quick delivery of business functionality. These digital connectors underpin much of the enterprise innovation we witness today, from seamless customer experiences to integrated partner ecosystems. Yet, as the […]


Software Security

Scaling security: How to build security into the entire development pipeline

October 31, 2023

Via: CIO

When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover® […]


Software Security

Android will now scan sideloaded apps for malware at install time

October 18, 2023

Via: Ars Technica

The Google Play Store might not be perfect for stopping Android malware, but its collection of scanning, app reviews, and developer requirements makes it a lot safer than the wider, unfiltered Internet. The world outside Google’s walled garden has no […]


Software Security

New cryptographic protocol aims to bolster open-source software security

October 5, 2023

Via: ZDNet

BastionZero’s OpenPubkey, which is a new cryptographic protocol that’s designed to fortify the open-source software ecosystem, is now a Linux Foundation open-source project. Docker is also integrating OpenPubkey, so that you can use it for container signing. This innovative cryptographic […]


Software Security

OpenSSF New Manifesto Urges the Software Industry to Take Responsibility for Open Source Security

August 31, 2023

Via: InfoQ

The Open Source Consumption Manifesto from OpenSSF aims to make the software industry more aware of its responsibility when it comes to ensuring the software supply chain remains secure and healthy. The importance of open source software today cannot be […]


Software Security

Chrome Supports Key Pinning on Android to Improve Security

August 11, 2023

Via: InfoQ

Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106. This helps prevent man-in-the-middle attacks against […]


Software Security

A new hope for software security

July 24, 2023

Via: InfoWorld

The Log4j vulnerability in December 2021 spotlighted the software supply chain as a massively neglected security surface area. It revealed just how interconnected our software artifacts are, and how our systems are only as secure as their weakest links. It […]


Software Security

What’s the state of Zero Trust security?

June 28, 2023

Via: CIO

Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. In the report, The 2023 Global […]


Software Security

From details to big picture: how to improve security effectiveness

June 22, 2023

Via: CIO

Benjamin Franklin once wrote: “For the want of a nail, the shoe was lost; for the want of a shoe the horse was lost; and for the want of a horse the rider was lost, being overtaken and slain by […]


Software Security

Getting ahead of cyberattacks with a DevSecOps approach to web application security

June 20, 2023

Via: CIO

Web applications are foundational to a company’s business and brand identity yet are highly vulnerable to digital attacks and cybercriminals. As such, it’s vital to have a robust and forward-leaning approach to web application security. With an estimated market size […]


Software Security

Hackers Threaten to Release Reddit Data Unless API Changes Are Rolled Back

June 19, 2023

Via: MacRumors

A ransomware group that hacked into Reddit’s servers back in February is threatening to release stolen data if Reddit does not walk back its planned API changes, reports Bleeping Computer (via The Verge). At the time of the hack, no […]


Software Security

Need To Know Data Redaction Software

June 15, 2023

Via: TechBullion

In today’s finance world, the protection of sensitive information has become paramount. With data breaches and privacy concerns on the rise, individuals and organizations alike are seeking effective solutions to safeguard their confidential data. One such solution is data redaction […]


Software Security

A Security Culture: Top Priorities for CISOs and their Teams

June 6, 2023

Via: InformationWeek

Cybercrime is increasing in efficiency, efficacy, and scale. Although organizations are frantically trying to prevent attacks from reaching their environments, there’s also an understanding that breaches are inevitable. According to IBM’s 2022 Cost of a Data Breach report, 83% of […]


Software Security

Microsoft is finally making Edge a much more secure place to surf the web

June 2, 2023

Via: TechRadar

Keeping safe online is about to get a lot easier for Edge users thanks to a major security update from Microsoft. The software giant has revealed it is working on an upgrade for its web browser that will bring “enhanced […]


Software Security

API security: key to interoperability or key to an organization?

May 31, 2023

Via: CIO

Most applications built today leverage Application Programming Interfaces (APIs), code that makes it possible for digital devices, applications, and servers to communicate and share data. This code, or collection of communication protocols and subroutines, simplifies that communication, or data sharing. […]


Software Security

Cloud-based IT operations are on the rise

May 23, 2023

Via: InfoWorld

The people who maintain traditional data center systems have always objected to having IT assets managed by systems outside their firewalls. Years ago, when I predicted that this would happen, people would often laugh and not believe me. The signs […]