Category: Software Security

Software Security

Ransomware attacks are ongoing: a recap of major recent incidents, including this week’s hit on The Guardian

December 21, 2022

Via: TechSpot

The Guardian reported on Wednesday that it suffered a “significant IT incident,” which is suspected to be a ransomware attack. The publication hasn’t revealed the details of the breach, but it appears to have mainly affected internal systems not visible […]


Software Security

Android security defeated with stolen Platform certificates

December 5, 2022

Via: TechSpot

Facepalm: Like any other modern operating system, Android’s design employs a “privilege” based model. Such a model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow. An undefined number of Platform digital certificates […]


Software Security

API Security: From Defense-in-Depth (DiD) To Zero Trust

December 1, 2022

Via: InfoQ

From the survey, we could see that nearly all companies have experienced API security incidents. However, only 11% of companies have an API security policy that includes dedicated API testing and protection. So, what kinds of protection should a company […]


Software Security

Is TikTok a National Security Threat? FBI Says App Could Weaponize Collected User Data

November 16, 2022

Via: Tech Times

TikTok could be a national security threat, as claimed by FBI Director Christopher Wray. He shared his concerns regarding the social media platform during the House Homeland Security Committee hearing on Tuesday, Nov. 15. The conference’s discussions focused on worldwide […]


Software Security

Half of all macOS malware comes from this one app

November 15, 2022

Via: BGR

According to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts […]


Software Security

OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched

November 3, 2022

Via: InfoQ

Introduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification. Both CVE-2022-3786 and CVE-2022-3602 describe two buffer overflow […]


Software Security

OpenSSL warns of critical security vulnerability with upcoming patch

October 27, 2022

Via: ZDNet

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down […]


Software Security

It’s time to prioritize SaaS security

October 21, 2022

Via: InfoWorld

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud […]


Software Security

Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline

October 21, 2022

Via: InfoQ

Have you ever put a DAST (Dynamic Application Security Testing) in your CI/CD pipeline, turned it on, and suddenly your pipeline processes jump from taking minutes to hours? Are you suddenly finding thousands of issues that are completely unreasonable for […]


Software Security

Telegram Founder Alerts Public of WhatsApp Security Threats

October 6, 2022

Via: Tech Times

Telegram founder Pavel Durov warned people to “stay away” from messaging freeware WhatsApp if they do not want their devices to be infiltrated by hackers. As per the Independent, Pavel Durov referenced a security flaw revealed by WhatsApp last week […]


Software Security

Here come the new Red Hat Enterprise Linux distros

October 3, 2022

Via: ZDNet

Red Hat is the Linux distro security leader. And with its latest Red Hat Enterprise Linux (RHEL) beta releases, RHEL 8.7 and 9.1, the Linux powerhouse company is continuing to stake out its security claims. Red Hat is releasing both […]


Software Security

Is It Time to Rethink DevSecOps After Major Security Breaches?

September 29, 2022

Via: InformationWeek

Recent high-profile hacks at Rockstar Games and Uber might not stem from DevSecOps issues, but discussions of this aspect of security may be worth having now. One of the goals of applying a DevSecOps approach to software development is to […]


Software Security

Apps can pose bigger security, privacy threat based on where you download them

September 27, 2022

Via: Ars Technica

Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on them. […]


Software Security

NSA to developers: We’ve got some software supply chain security tips for you

September 2, 2022

Via: ZDNet

US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software. The new guidance is meant to help US private and public sector organizations defend themselves […]


Software Security

Article: What Does Zero Trust Mean for Kubernetes?

August 25, 2022

Via: InfoQ

Zero trust is a powerful security model that’s at the forefront of modern security practices. It’s also a term that is prone to buzz and hype, making it hard to cut through the noise. So what is zero trust, exactly, […]


Software Security

New Microsoft Defender Products: Threat Intelligence and External Attack Surface Management

August 17, 2022

Via: InfoQ

Microsoft recently announced two security products: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These new products are driven by their acquisition of RiskIQ just over one year ago. Microsoft acquired RiskIQ, a global threat intelligence and […]


Software Security

Apple Removes Scam App That Led to Hijacked Facebook Ad Accounts

August 5, 2022

Via: MacRumors

Apple has removed an app that it was unknowingly hosting on the App Store that scammed Facebook advertisers and led hackers to use advertisers’ ad budgets to run possibly malicious ads on Facebook’s platforms, Business Insider reports. The app previously […]


Software Security

How Security Resignations Affect Developers’ Workloads

July 25, 2022

Via: InformationWeek

Amid the Great Resignation, security professionals can be hard to come by. The labor shortage impacts organizations overall; it also has a unique effect on developers. This is because, when security and engineering aren’t in tune, organizations don’t operate efficiently. […]


Software Security

Are banks quietly refusing reimbursements to fraud victims?

July 5, 2022

Via: ComputerWorld

There are some scary reports popping up that various major financial institutions no longer credit back all fraudulent transactions, even when victims file a police report. If true, it’s a disastrous move that will painfully hurt the institutions. “Under a […]


Software Security

Windows 11 Tests New Privacy Features to See Which Apps Were Spying On You

June 20, 2022

Via: Tech Times

Windows 11 is currently testing a new privacy feature that allows you to check which programs you have installed that have recently accessed sensitive hardware on your computer, such as your microphone and camera. Windows 11 New Privacy Feature […]